Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,093 advisories

Loading
ERC1155Supply vulnerability in OpenZeppelin Contracts Low
GHSA-wmpv-c2jp-j2xg was published for @openzeppelin/contracts (npm) Nov 15, 2021
ChainSecurityAudits
Reflected cross-site scripting in development mode handler in Vaadin Low
GHSA-8vfw-v2jv-9hwc was published for com.vaadin:flow-server (Maven) Jun 28, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Network policy may be bypassed by some ICMP Echo Requests Low
GHSA-c66w-hq56-4q97 was published for github.com/cilium/cilium (Go) May 21, 2021
brb kkourt
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name Low
GHSA-q324-q795-2q5p was published for @redocly/openapi-cli (npm) Oct 12, 2021
edkelly-ovo
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Inability to de-op players if listed in ops.txt with non-lowercase letters Low
GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) Dec 16, 2021
SQLite3 addresses vulnerability in packaged version of libsqlite Low
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) Oct 3, 2022
Hardening of TypedArrays with non-canonical numeric property names in SES Low
GHSA-whpx-q3rq-w8jc was published for ses (npm) Oct 20, 2022
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata Low
GHSA-r7vq-6425-j94w was published for tuf (pip) Sep 15, 2022
trishankatdatadog
Prototype Pollution in node-forge debug API. Low
GHSA-5rrq-pxf6-6jx5 was published for node-forge (npm) Jan 8, 2022
Arbitrary file deletion in NeMo ASR webapp Low
GHSA-rpx7-33j2-xx9x was published for nemo_toolkit (pip) Feb 15, 2022
haby0
Prototype Pollution in node-forge util.setPath API Low
GHSA-wxgw-qj99-44c2 was published for node-forge (npm) Jan 8, 2022
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
node-ipc behavior change Low
GHSA-3mpp-xfvh-qh37 was published for node-ipc (npm) Mar 16, 2022
Hidden functionality in node-ipc Low
GHSA-8gr3-2gjw-jj7g was published for node-ipc (npm) Mar 16, 2022
Infinite loop in Pillow Low
GHSA-4fx9-vc88-q2xc was published for Pillow (pip) Mar 11, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable Low
GHSA-7j52-6fjp-58gr was published for @openzeppelin/contracts-upgradeable (npm) Mar 14, 2022
Exposure of Sensitive information in httpie Low
CVE-2022-0430 was published for httpie (pip) Mar 16, 2022
XSS Injection Vulnerability Low
GHSA-wf98-vxv9-jqfv was published for craftcms/cms (Composer) Apr 5, 2022
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
ProTip! Advisories are also available from the GraphQL API