GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,519 advisories

Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
Regular Expression Denial of Service in remarkable High
CVE-2019-12041 was published for remarkable (npm) Jun 6, 2019
LeSuisse
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
Regular Expression Denial Of Service in uri-js Moderate
CVE-2017-16021 was published for uri-js (npm) Jul 24, 2018
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed High
CVE-2024-32652 was published for @hono/node-server (npm) Apr 19, 2024
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
Enabling Authentication does not close all logged in socket connections immediately Low
GHSA-23q2-5gf8-gjpp was published for uptime-kuma (npm) Apr 19, 2024
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
Stored Cross-site Scripting (XSS) in excalidraw's web embed component Moderate
CVE-2024-32472 was published for @excalidraw/excalidraw (npm) Apr 17, 2024
Prototype pollution in emit function Low
GHSA-82jv-9wjw-pqh6 was published for derby (npm) Apr 17, 2024
chluo1997
Handling untrusted input can result in a crash, leading to loss of availability / denial of service High
CVE-2024-30253 was published for @solana/web3.js (npm) Apr 17, 2024
FixedLocally steveluscher
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
AWS Amplify CLI has incorrect trust policy management High
CVE-2024-28056 was published for @aws-amplify/cli (npm) Apr 15, 2024
Matrix IRC Bridge truncated content of messages can be leaked Moderate
CVE-2024-32000 was published for matrix-appservice-irc (npm) Apr 11, 2024
progval
Summernote vulnerable to cross-site scripting Moderate
CVE-2024-29504 was published for summernote (npm) Apr 11, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
mysql2 vulnerable to Prototype Poisoning Moderate
CVE-2024-21509 was published for mysql2 (npm) Apr 10, 2024
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024