GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,964; Erlang 29; GitHub Actions 16; Go 1,746; Maven 4,974; npm 3,507; NuGet 609; pip 3,071; Pub 10; RubyGems 832; Rust 780; Swift 34
Unreviewed advisories: All unreviewed 5,000+
1,043 advisories
chromedriver Command Injection vulnerability (Moderate): CVE-2023-26156 was published for chromedriver (npm) on Nov 9, 2023
Axios Cross-Site Request Forgery Vulnerability (Moderate): CVE-2023-45857 was published for axios (npm) on Nov 8, 2023
cordova-plugin-fingerprint-aio DoS vulnerability (Moderate): CVE-2021-43849 was published for cordova-plugin-fingerprint-aio (npm) on Nov 2, 2023
TinyMCE XSS vulnerability in notificationManager.open API (Moderate): CVE-2023-45819 was published for TinyMCE (Composer) on Oct 19, 2023
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin (Moderate): CVE-2023-45818 was published for TinyMCE (Composer) on Oct 19, 2023
React Developer Tools extension Improper Authorization vulnerability (Moderate): CVE-2023-5654 was published for react-devtools-core (npm) on Oct 19, 2023
nocodb SQL Injection vulnerability (Moderate): CVE-2023-43794 was published for nocodb (npm) on Oct 17, 2023
Improper Input Validation in vriteio/vrite (Moderate): CVE-2023-5571 was published for @vrite/sdk (npm) on Oct 13, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite (Moderate): CVE-2023-5573 was published for @vrite/sdk (npm) on Oct 13, 2023
PostCSS line return parsing error (Moderate): CVE-2023-44270 was published for postcss (npm) on Sep 30, 2023
quill-mention Cross-site Scripting vulnerability (Moderate): CVE-2023-26149 was published for quill-mention (npm) on Sep 28, 2023
Improper Input Validation in nocodb (Moderate): CVE-2023-5104 was published for nocodb (npm) on Sep 21, 2023
graphql Uncontrolled Resource Consumption vulnerability (Moderate): CVE-2023-26144 was published for graphql (npm) on Sep 20, 2023
Jodit Editor vulnerable to cross-site scripting (Moderate): CVE-2023-42399 was published for jodit (npm) on Sep 19, 2023
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API (Moderate): CVE-2023-26143 was published for blamer (npm) on Sep 19, 2023
Strapi's field level permissions not being respected in relationship title (Moderate): CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) on Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views (Moderate): CVE-2023-36472 was published for @strapi/admin (npm) on Sep 13, 2023
Buttercup allows attackers to obtain the hash of the master password (Moderate): CVE-2023-41646 was published for buttercup (npm) on Sep 8, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd (Moderate): CVE-2023-39956 was published for electron (npm) on Sep 6, 2023
Electron context isolation bypass via nested unserializable return value (Moderate): CVE-2023-29198 was published for electron (npm) on Sep 6, 2023
Username enumeration attack in goauthentik (Moderate): CVE-2023-39522 was published for @goauthentik/api (npm) on Aug 29, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS (Moderate): CVE-2023-26364 was published for @adobe/css-tools (npm) on Aug 29, 2023
MongoDB Driver may publish events containing authentication-related data (Moderate): CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) on Aug 29, 2023
Cleartext Signed Message Signature Spoofing in openpgp (Moderate): CVE-2023-41037 was published for openpgp (npm) on Aug 29, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content (Moderate): CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) on Aug 24, 2023
ProTip! Advisories are also available from the GraphQL API.