GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,051 advisories
Server-Side Request Forgery in Request
Moderate: CVE-2023-28155 was published for @cypress/request (npm), Mar 16, 2023

Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate: CVE-2022-32114 was published for @strapi/strapi (npm), Jul 14, 2022

xml2js is vulnerable to prototype pollution
Moderate: CVE-2023-0842 was published for xml2js (npm), Apr 5, 2023

URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Moderate: CVE-2024-28239 was published for directus (npm), Mar 12, 2024

Dash apps vulnerable to Cross-site Scripting
Moderate: CVE-2024-21485 was published for dash (npm), Feb 2, 2024

hexo-theme-anzhiyu Cross-site Scripting vulnerability
Moderate: CVE-2024-25865 was published for hexo-theme-anzhiyu (npm), Mar 3, 2024

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Moderate: CVE-2024-24815 was published for ckeditor/ckeditor (Composer), Feb 7, 2024

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Moderate: CVE-2024-24397 was published for stimulsoft-dashboards-js (npm), Feb 5, 2024

Directus version number disclosure
Moderate: CVE-2024-27296 was published for directus (npm), Mar 1, 2024

mongo-express Cross-site Request Forgery vulnerability
Moderate: CVE-2023-52555 was published for mongo-express (npm), Mar 1, 2024

Nteract Remote Code Execution vulnerability
Moderate: CVE-2024-22891 was published for nteract (npm), Mar 1, 2024

CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Moderate: CVE-2024-24816 was published for ckeditor4 (npm), Feb 7, 2024

mapshaper Path Traversal vulnerability
Moderate: CVE-2024-1163 was published for mapshaper (npm), Feb 13, 2024

Misinterpretation of malicious XML input
Moderate: CVE-2021-32796 was published for @xmldom/xmldom (npm), Aug 3, 2021

Ghost has possible Cross-site Scripting issue
Moderate: CVE-2024-23724 was published for ghost (npm), Feb 11, 2024

Cross-site Scripting in Serenity
Moderate: CVE-2024-26318 was published for @serenity-is/corelib (npm), Feb 19, 2024

React Native Document Picker Directory Traversal vulnerability
Moderate: CVE-2024-25466 was published for react-native-document-picker (npm), Feb 16, 2024

Default swagger-ui configuration exposes all files in the module
Moderate: CVE-2024-22207 was published for @fastify/swagger-ui (npm), Jan 16, 2024

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Moderate: CVE-2024-24396 was published for stimulsoft-dashboards-js (npm), Feb 5, 2024

semver vulnerable to Regular Expression Denial of Service
Moderate: CVE-2022-25883 was published for semver (npm), Jun 21, 2023

mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate: CVE-2021-20327 was published for mongodb-client-encryption (npm), Apr 12, 2021

Unlimited transforms allowed for signed nodes
Moderate: CVE-2021-39171 was published for passport-saml (npm), Aug 30, 2021

MongoDB Driver may publish events containing authentication-related data
Moderate: CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer), Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API.