
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,044 advisories

tough-cookie Prototype Pollution vulnerability Moderate
CVE-2023-26136 was published for tough-cookie (npm) Jul 1, 2023
axi92
angular-ui-notification Cross-site Scripting vulnerability Moderate
CVE-2023-34840 was published for angular-ui-notification (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37298 was published for joplin (npm) Jun 30, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
word-wrap vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-26115 was published for word-wrap (npm) Jun 22, 2023
semver vulnerable to Regular Expression Denial of Service Moderate
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain G-Rath
AWS CDK EKS overly permissive trust policies Moderate
CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) Jun 19, 2023
twelvemo stefreak
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees Moderate
CVE-2023-34459 was published for @openzeppelin/contracts (npm) Jun 19, 2023
@keystone-6/auth Open Redirect vulnerability Moderate
CVE-2023-34247 was published for @keystone-6/auth (npm) Jun 14, 2023
scgajge12
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name Moderate
CVE-2023-26920 was published for fast-xml-parser (npm) Jun 13, 2023
Sudistark
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Gatsby develop server has Local File Inclusion vulnerability Moderate
CVE-2023-34238 was published for gatsby (npm) Jun 9, 2023
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning Moderate
CVE-2023-34234 was published for @openzeppelin/contracts (npm) Jun 8, 2023
MarkLee131
Phishing attack vulnerability by uploading malicious HTML file Moderate
CVE-2023-32689 was published for parse-server (npm) May 31, 2023
dblythy mtrezza
proxy denial of service vulnerability Moderate
CVE-2023-2968 was published for proxy (npm) May 30, 2023
antfu/utils vulnerable to prototype pollution Moderate
CVE-2023-2972 was published for @antfu/utils (npm) May 30, 2023
html inputs of type password recorded in plaintext when converted to text inputs Moderate
CVE-2023-33187 was published for highlight.run (npm) May 26, 2023
Potential for cross-site scripting in PostHog-js Moderate
CVE-2023-32325 was published for posthog-js (npm) May 22, 2023
Invalid push request payload crashes Parse Server Moderate
CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023
dblythy mtrezza
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
n8n Directory Traversal vulnerability Moderate
CVE-2023-27562 was published for n8n (npm) May 10, 2023
MarkLee131
Cross-site scripting in TotalJS Moderate
CVE-2023-30094 was published for total4 (npm) May 4, 2023