GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,045 advisories
Filter by severity
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Moderate
CVE-2023-41167
was published
for
@webiny/react-rich-text-renderer
(npm)
Aug 24, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
@excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate
CVE-2023-26140
was published
for
@excalidraw/excalidraw
(npm)
Aug 16, 2023
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate
GHSA-fr9g-2m2h-c27j
was published
for
@excalidraw/excalidraw
(npm)
Aug 16, 2023
•
withdrawn
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Moderate
CVE-2023-40027
was published
for
@keystone-6/core
(npm)
Aug 15, 2023
Svelecte item names vulnerable to execution of arbitrary JavaScript
Moderate
CVE-2023-38687
was published
for
svelecte
(npm)
Aug 14, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
Margox Braft-Editor Cross-site Scripting Vulnerability
Moderate
CVE-2021-27524
was published
for
braft-editor
(npm)
Aug 11, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
Moderate
CVE-2023-38691
was published
for
matrix-appservice-bridge
(npm)
Aug 4, 2023
Cloudflare Wrangler directory traversal vulnerability
Moderate
CVE-2023-3348
was published
for
wrangler
(npm)
Aug 3, 2023
.eth registrar controller can shorten the duration of registered names
Moderate
CVE-2023-38698
was published
for
@ensdomains/ens-contracts
(npm)
Aug 1, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Moderate
CVE-2023-38695
was published
for
@simonsmith/cypress-image-snapshot
(npm)
Aug 1, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate
CVE-2023-38503
was published
for
directus
(npm)
Jul 25, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature
Moderate
CVE-2023-37259
was published
for
matrix-react-sdk
(npm)
Jul 18, 2023
layui vulnerable to cross-site scripting
Moderate
CVE-2023-3691
was published
for
layui
(npm)
Jul 16, 2023
tarteaucitron.js vulnerable to Cross-site Scripting
Moderate
CVE-2023-3620
was published
for
tarteaucitronjs
(npm)
Jul 11, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Moderate
CVE-2023-37905
was published
for
ckeditor-wordcount-plugin
(npm)
Jul 10, 2023
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
Moderate
GHSA-gm68-572p-q28r
was published
for
@vendure/admin-ui-plugin
(npm)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API