GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,519 advisories
Filter by severity
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
Regular Expression Denial of Service in remarkable
High
CVE-2019-12041
was published
for
remarkable
(npm)
Jun 6, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Regular Expression Denial Of Service in uri-js
Moderate
CVE-2017-16021
was published
for
uri-js
(npm)
Jul 24, 2018
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
zcap has incomplete expiration checks in capability chains.
Moderate
CVE-2024-31995
was published
for
@digitalbazaar/zcap
(npm)
Apr 10, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
High
CVE-2024-32652
was published
for
@hono/node-server
(npm)
Apr 19, 2024
Withdrawn Advisory: mariadb was malware
High
CVE-2017-16046
was published
for
mariadb
(npm)
Jul 18, 2018
•
withdrawn
Enabling Authentication does not close all logged in socket connections immediately
Low
GHSA-23q2-5gf8-gjpp
was published
for
uptime-kuma
(npm)
Apr 19, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
High
CVE-2024-30564
was published
for
@andrei-tatar/nora-firebase-common
(npm)
Apr 18, 2024
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Moderate
CVE-2024-32472
was published
for
@excalidraw/excalidraw
(npm)
Apr 17, 2024
Prototype pollution in emit function
Low
GHSA-82jv-9wjw-pqh6
was published
for
derby
(npm)
Apr 17, 2024
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
High
CVE-2024-30253
was published
for
@solana/web3.js
(npm)
Apr 17, 2024
AWS Amplify CLI has incorrect trust policy management
High
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
Matrix IRC Bridge truncated content of messages can be leaked
Moderate
CVE-2024-32000
was published
for
matrix-appservice-irc
(npm)
Apr 11, 2024
Summernote vulnerable to cross-site scripting
Moderate
CVE-2024-29504
was published
for
summernote
(npm)
Apr 11, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical
CVE-2024-21508
was published
for
mysql2
(npm)
Apr 11, 2024
mysql2 vulnerable to Prototype Poisoning
Moderate
CVE-2024-21509
was published
for
mysql2
(npm)
Apr 10, 2024
mysql2 cache poisoning vulnerability
Moderate
CVE-2024-21507
was published
for
mysql2
(npm)
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API