GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories: All reviewed 5,000+; Composer 3,974; Erlang 29; GitHub Actions 16; Go 1,763; Maven 4,988; npm 3,525; NuGet 615; pip 3,099; Pub 10; RubyGems 834; Rust 785; Swift 34

Unreviewed advisories: All unreviewed 5,000+

1,389 advisories
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack | High | CVE-2023-46234 | browserify-sign (npm) | Oct 26, 2023 |
| generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character | High | CVE-2015-20110 | generator-jhipster (npm) | Oct 31, 2023 |
| Unauthorized Access to Private Fields in User Registration API | High | CVE-2023-39345 | @strapi/plugin-users-permissions (npm) | Nov 3, 2023 |
| Prototype Pollution (PP) vulnerability in setByPath | High | CVE-2023-45827 | @clickbar/dot-diver (npm) | Nov 3, 2023 |
| sharp vulnerability in libwebp dependency CVE-2023-4863 | High | GHSA-54xq-cgqr-rpm3 | sharp (npm) | Nov 16, 2023 |
| json-web-token library is vulnerable to a JWT algorithm confusion attack | High | CVE-2023-48238 | json-web-token (npm) | Nov 17, 2023 |
| sequelize-typescript Prototype Pollution vulnerability | High | CVE-2023-6293 | sequelize-typescript (npm) | Nov 24, 2023 |
| mockjs vulnerable to Prototype Pollution via the Util.extend function | High | CVE-2023-26158 | mockjs (npm) | Dec 8, 2023 |
| Directory Traversal in evershop | High | CVE-2023-46496 | @evershop/evershop (npm) | Dec 8, 2023 |
| DOS by abusing `fetchOptions.retry` | High | CVE-2023-49800 | nuxt-api-party (npm) | Dec 11, 2023 |
| Unauthenticated Denial of Service in the octokit/webhooks library | High | CVE-2023-50728 | @octokit/app (npm) | Dec 16, 2023 |
| Sentry's Astro SDK vulnerable to ReDoS | High | CVE-2023-50249 | @sentry/astro (npm) | Dec 18, 2023 |
| msgpackr's conversion of property names to strings can trigger infinite recursion | High | CVE-2023-52079 | msgpackr (npm) | Dec 28, 2023 |
| Miniflare vulnerable to Server-Side Request Forgery (SSRF) | High | CVE-2023-7078 | miniflare (npm) | Dec 29, 2023 |
| CouchAuth host header injection vulnerability leaks the password reset token | High | CVE-2023-39655 | @perfood/couch-auth (npm) | Jan 3, 2024 |
| @backstage/backend-app-api leaks GitLab access tokens | High | CVE-2023-6944 | @backstage/backend-app-api (npm) | Jan 4, 2024 |
| EverShop vulnerable to improper authorization in GraphQL endpoints | High | CVE-2023-46942 | @evershop/evershop (npm) | Jan 13, 2024 |
| EverShop at risk to unauthorized access via weak HMAC secret | High | CVE-2023-46943 | @evershop/evershop (npm) | Jan 13, 2024 |
| Marvin Attack of RSA and RSAOAEP decryption in jsrsasign | High | CVE-2024-21484 | jsrsasign (npm) | Jan 19, 2024 |
| Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | High | CVE-2024-23331 | vite (npm) | Jan 19, 2024 |
| SPV Merkle proof malleability allows the maintainer to prove invalid transactions | High | GHSA-wg2x-rv86-mmpx | @keep-network/tbtc-v2 (npm) | Jan 19, 2024 |
| Sending a GET or HEAD request with a body crashes SvelteKit | High | CVE-2024-23641 | @sveltejs/adapter-node (npm) | Jan 24, 2024 |
| MeshCentral algorithm-downgrade issue | High | CVE-2023-51842 | meshcentral (npm) | Jan 29, 2024 |
Advisories are also available from the GraphQL API.