Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
User content sandbox can be confused into opening arbitrary documents Low
CVE-2021-21320 was published for matrix-react-sdk (npm) Mar 3, 2021
keerok
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Token verification bug in next-auth Low
CVE-2021-21310 was published for next-auth (npm) Feb 11, 2021
AlessandroA balazsorban44
iaincollins
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Cross-site Scripting in dijit editor's LinkDialog plugin Low
CVE-2020-4051 was published for dijit (npm) Jun 15, 2020
Alexxino MikeAnas
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
Reverse Tabnabbing in showdown Low
GHSA-h6mq-3cj6-h738 was published for showdown (npm) Sep 3, 2020
tdunlap607
Regular Expression Denial of Service in clean-css Low
GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) Jun 5, 2019
G-Rath
Regular Expression Denial of Service in marked Low
GHSA-ch52-vgq2-943f was published for marked (npm) Sep 3, 2020
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces Low
GHSA-68jh-rf6x-836f was published for @apollo/server (npm) Jun 16, 2023
@keystone-6/core's bundled cuid package known to be insecure Low
GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) Jun 12, 2023
TomDo1234
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte
Vendure Cross Site Request Forgery vulnerability impacting all API requests Low
GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) Jul 11, 2023
Yaniv-git
Stylelint has vulnerability in semver dependency Low
GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) Jul 7, 2023 withdrawn
romainmenke
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jQuery.Validation (npm) Jun 3, 2022
klaudialax
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
Minimal `basti` IAM Policy Allows Shell Access Low
GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) Aug 24, 2023
ramimac
ProTip! Advisories are also available from the GraphQL API