GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,093 advisories
Filter by severity
ERC1155Supply vulnerability in OpenZeppelin Contracts
Low
GHSA-wmpv-c2jp-j2xg
was published
for
@openzeppelin/contracts
(npm)
Nov 15, 2021
Reflected cross-site scripting in development mode handler in Vaadin
Low
GHSA-8vfw-v2jv-9hwc
was published
for
com.vaadin:flow-server
(Maven)
Jun 28, 2021
User enumeration in authentication mechanisms
Low
GHSA-2frx-j9hj-6c65
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 17, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name
Low
GHSA-q324-q795-2q5p
was published
for
@redocly/openapi-cli
(npm)
Oct 12, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Inability to de-op players if listed in ops.txt with non-lowercase letters
Low
GHSA-j5qg-w9jg-3wg3
was published
for
pocketmine/pocketmine-mp
(Composer)
Dec 16, 2021
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
Hardening of TypedArrays with non-canonical numeric property names in SES
Low
GHSA-whpx-q3rq-w8jc
was published
for
ses
(npm)
Oct 20, 2022
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Low
GHSA-r7vq-6425-j94w
was published
for
tuf
(pip)
Sep 15, 2022
Prototype Pollution in node-forge debug API.
Low
GHSA-5rrq-pxf6-6jx5
was published
for
node-forge
(npm)
Jan 8, 2022
Arbitrary file deletion in NeMo ASR webapp
Low
GHSA-rpx7-33j2-xx9x
was published
for
nemo_toolkit
(pip)
Feb 15, 2022
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
sweetalert2 v8.19.1 and above contains hidden functionality
Low
GHSA-8jh9-wqpf-q52c
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality
Low
GHSA-pg98-6v7f-2xfv
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality
Low
GHSA-457r-cqc8-9vj9
was published
for
sweetalert2
(npm)
Nov 23, 2022
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
Exposure of Sensitive information in httpie
Low
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
XSS Injection Vulnerability
Low
GHSA-wf98-vxv9-jqfv
was published
for
craftcms/cms
(Composer)
Apr 5, 2022
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
ProTip!
Advisories are also available from the
GraphQL API