GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem (all reviewed: 5,000+): Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,749; Maven 4,978; npm 3,509; NuGet 609; pip 3,084; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories (all unreviewed): 5,000+.
Matching advisories: 1,044. Each entry below gives the CVE, severity, affected package and ecosystem, publication date, and advisory title.
CVE-2023-26136 (Moderate) tough-cookie (npm), published Jul 1, 2023: tough-cookie Prototype Pollution vulnerability
CVE-2023-34840 (Moderate) angular-ui-notification (npm), published Jun 30, 2023: angular-ui-notification Cross-site Scripting vulnerability
CVE-2023-37299 (Moderate) joplin (npm), published Jun 30, 2023: Joplin Cross-site Scripting vulnerability
CVE-2023-37298 (Moderate) joplin (npm), published Jun 30, 2023: Joplin Cross-site Scripting vulnerability
CVE-2020-23064 (Moderate) jQuery (RubyGems), published Jun 26, 2023, withdrawn: Duplicate Advisory: jQuery Cross Site Scripting vulnerability
CVE-2023-26115 (Moderate) word-wrap (npm), published Jun 22, 2023: word-wrap vulnerable to Regular Expression Denial of Service
CVE-2022-25883 (Moderate) semver (npm), published Jun 21, 2023: semver vulnerable to Regular Expression Denial of Service
CVE-2023-35167 (Moderate) remult (npm), published Jun 20, 2023: When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
CVE-2023-35165 (Moderate) @aws-cdk/aws-eks (npm), published Jun 19, 2023: AWS CDK EKS overly permissive trust policies
CVE-2023-34459 (Moderate) @openzeppelin/contracts (npm), published Jun 19, 2023: OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
CVE-2023-34247 (Moderate) @keystone-6/auth (npm), published Jun 14, 2023: @keystone-6/auth Open Redirect vulnerability
CVE-2023-26920 (Moderate) fast-xml-parser (npm), published Jun 13, 2023: fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
CVE-2020-36732 (Moderate) crypto-js (npm), published Jun 12, 2023: crypto-js uses insecure random numbers
CVE-2023-34238 (Moderate) gatsby (npm), published Jun 9, 2023: Gatsby develop server has Local File Inclusion vulnerability
CVE-2023-34234 (Moderate) @openzeppelin/contracts (npm), published Jun 8, 2023: OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
CVE-2023-32689 (Moderate) parse-server (npm), published May 31, 2023: Phishing attack vulnerability by uploading malicious HTML file
CVE-2023-2968 (Moderate) proxy (npm), published May 30, 2023: proxy denial of service vulnerability
CVE-2023-2972 (Moderate) @antfu/utils (npm), published May 30, 2023: antfu/utils vulnerable to prototype pollution
CVE-2023-33187 (Moderate) highlight.run (npm), published May 26, 2023: html inputs of type password recorded in plaintext when converted to text inputs
CVE-2023-32325 (Moderate) posthog-js (npm), published May 22, 2023: Potential for cross-site scripting in PostHog-js
CVE-2023-32688 (Moderate) parse-server-push-adapter (npm), published May 22, 2023: Invalid push request payload crashes Parse Server
CVE-2023-32313 (Moderate) vm2 (npm), published May 17, 2023: vm2 vulnerable to Inspect Manipulation
CVE-2023-27562 (Moderate) n8n (npm), published May 10, 2023: n8n Directory Traversal vulnerability
Advisories are also available from the GraphQL API.
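The following is an added example, not code from GitHub or from this page, showing how to reproduce a listing like the one above through that GraphQL API and flatten it into one line per advisory. The query and field names (the `securityVulnerabilities` connection and the `SecurityAdvisory` fields) follow GitHub's public GraphQL schema; the endpoint, token handling and output format are this example's own choices. The API returns one node per (advisory, package) pair, so the listing's one-row-per-advisory view needs grouping by GHSA id, which the example does. The sample response embedded below is constructed for offline use: its GHSA ids, version ranges and the third advisory are made up, and only the CVE ids, titles and dates of the first two rows come from the listing.

```javascript
// Added example (not GitHub's code): list advisories via the GraphQL API and
// flatten them to one row per advisory, as the web listing shows them.
// Field names follow GitHub's public GraphQL schema; the sample data is constructed.

const VULNERABILITY_QUERY = `
query($ecosystem: SecurityAdvisoryEcosystem, $severities: [SecurityAdvisorySeverity!], $after: String) {
  securityVulnerabilities(first: 100, ecosystem: $ecosystem, severities: $severities, after: $after) {
    pageInfo { hasNextPage endCursor }
    nodes {
      package { name ecosystem }
      vulnerableVersionRange
      advisory { ghsaId summary severity publishedAt withdrawnAt identifiers { type value } }
    }
  }
}`;

const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];

// "2023-07-01T20:15:00Z" -> "Jul 1, 2023" (UTC), the date style the listing uses.
function formatDate(iso) {
  const d = new Date(iso);
  return `${MONTHS[d.getUTCMonth()]} ${d.getUTCDate()}, ${d.getUTCFullYear()}`;
}

// One API node per (advisory, package) pair; group by GHSA id so an advisory that
// names several packages becomes a single row with all of them attached.
function flattenAdvisories(nodes) {
  const byId = new Map();
  for (const n of nodes) {
    const a = n.advisory;
    if (!byId.has(a.ghsaId)) {
      const cve = (a.identifiers || []).find((i) => i.type === 'CVE');
      byId.set(a.ghsaId, {
        ghsaId: a.ghsaId,
        cve: cve ? cve.value : null,        // GHSA-only advisories carry no CVE
        summary: a.summary,
        severity: a.severity,
        published: formatDate(a.publishedAt),
        withdrawn: a.withdrawnAt != null,   // withdrawn advisories still appear in the feed
        packages: [],
      });
    }
    byId.get(a.ghsaId).packages.push({
      name: n.package.name, ecosystem: n.package.ecosystem, range: n.vulnerableVersionRange,
    });
  }
  return [...byId.values()];
}

// One line per advisory in the same shape as the listing above.
function formatRow(adv) {
  const pkgs = adv.packages.map((p) => `${p.name} (${p.ecosystem})`).join(', ');
  const tail = adv.withdrawn ? ' [withdrawn]' : '';
  return `${adv.cve || adv.ghsaId} (${adv.severity}) ${pkgs}, published ${adv.published}: ${adv.summary}${tail}`;
}

// Live use (Node 18+ for global fetch). Walks every page before grouping, so an
// advisory whose packages straddle a page boundary is still merged into one row.
async function fetchAdvisories(token, ecosystem = 'NPM', severities = ['MODERATE']) {
  const nodes = [];
  let after = null;
  do {
    const res = await fetch('https://api.github.com/graphql', {
      method: 'POST',
      headers: { Authorization: `bearer ${token}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ query: VULNERABILITY_QUERY, variables: { ecosystem, severities, after } }),
    });
    if (!res.ok) throw new Error(`GraphQL HTTP ${res.status}`);
    const body = await res.json();
    if (body.errors) throw new Error(JSON.stringify(body.errors));
    const conn = body.data.securityVulnerabilities;
    nodes.push(...conn.nodes);
    after = conn.pageInfo.hasNextPage ? conn.pageInfo.endCursor : null;
  } while (after);
  return flattenAdvisories(nodes);
}

// Constructed sample (not real API output): GHSA ids, ranges and the third advisory are made up.
const SAMPLE_NODES = [
  { package: { name: 'tough-cookie', ecosystem: 'NPM' }, vulnerableVersionRange: '< 4.1.3',
    advisory: { ghsaId: 'GHSA-aaaa-aaaa-aaaa', summary: 'tough-cookie Prototype Pollution vulnerability',
      severity: 'MODERATE', publishedAt: '2023-07-01T20:15:00Z', withdrawnAt: null,
      identifiers: [{ type: 'GHSA', value: 'GHSA-aaaa-aaaa-aaaa' }, { type: 'CVE', value: 'CVE-2023-26136' }] } },
  { package: { name: 'jquery', ecosystem: 'RUBYGEMS' }, vulnerableVersionRange: '< 3.5.0',
    advisory: { ghsaId: 'GHSA-bbbb-bbbb-bbbb', summary: 'Duplicate Advisory: jQuery Cross Site Scripting vulnerability',
      severity: 'MODERATE', publishedAt: '2023-06-26T18:30:00Z', withdrawnAt: '2023-06-27T12:00:00Z',
      identifiers: [{ type: 'GHSA', value: 'GHSA-bbbb-bbbb-bbbb' }, { type: 'CVE', value: 'CVE-2020-23064' }] } },
  { package: { name: 'example-a', ecosystem: 'NPM' }, vulnerableVersionRange: '< 1.2.0',
    advisory: { ghsaId: 'GHSA-cccc-cccc-cccc', summary: 'example advisory affecting two packages',
      severity: 'MODERATE', publishedAt: '2023-06-01T00:00:00Z', withdrawnAt: null, identifiers: [] } },
  { package: { name: 'example-b', ecosystem: 'NPM' }, vulnerableVersionRange: '>= 2.0.0, < 2.0.5',
    advisory: { ghsaId: 'GHSA-cccc-cccc-cccc', summary: 'example advisory affecting two packages',
      severity: 'MODERATE', publishedAt: '2023-06-01T00:00:00Z', withdrawnAt: null, identifiers: [] } },
];

if (process.env.GITHUB_TOKEN) {
  fetchAdvisories(process.env.GITHUB_TOKEN).then((rows) => rows.forEach((r) => console.log(formatRow(r))));
} else {
  flattenAdvisories(SAMPLE_NODES).forEach((r) => console.log(formatRow(r)));
}
```

Run it with `GITHUB_TOKEN` set to query the live API (any token works; no special scopes are needed for public advisories), or without one to see the constructed sample rendered. Two details matter for anyone scripting against this feed: severity and ecosystem values come back upper-cased enum names (`MODERATE`, `NPM`, `RUBYGEMS`) rather than the display strings the web page shows, and withdrawn advisories such as the duplicate jQuery entry above are not dropped from the results, so a consumer that alerts on every row needs to check `withdrawnAt`.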