GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,044 advisories
Filter by severity
engine.io Uncaught Exception vulnerability
Moderate
CVE-2023-31125
was published
for
engine.io
(npm)
May 3, 2023
@mittwald/kubernetes's secret contents leaked via debug logging
Moderate
GHSA-g35x-j6jj-8g7j
was published
for
@mittwald/kubernetes
(npm)
May 2, 2023
editor.md vulnerable to Cross-site Scripting
Moderate
CVE-2023-29641
was published
for
editor.md
(npm)
May 1, 2023
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-2307
was published
for
@builder.io/qwik-city
(npm)
Apr 26, 2023
CSRF token fixation in fastify-passport
Moderate
CVE-2023-29020
was published
for
@fastify/passport
(npm)
Apr 21, 2023
Nunjucks autoescape bypass leads to cross site scripting
Moderate
CVE-2023-2142
was published
for
nunjucks
(npm)
Apr 20, 2023
Bypass of CSRF protection in the presence of predictable userInfo
Moderate
CVE-2023-27495
was published
for
@fastify/csrf-protection
(npm)
Apr 20, 2023
Path traversal vulnerability in gatsby-plugin-sharp
Moderate
CVE-2023-30548
was published
for
gatsby-plugin-sharp
(npm)
Apr 20, 2023
Strapi does not verify the access or ID tokens issued during the OAuth flow
Moderate
CVE-2023-22893
was published
for
@strapi/plugin-users-permissions
(npm)
Apr 19, 2023
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Moderate
CVE-2023-30543
was published
for
@web3-react/coinbase-wallet
(npm)
Apr 18, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Moderate
CVE-2023-29529
was published
for
matrix-js-sdk
(npm)
Apr 14, 2023
xml2js is vulnerable to prototype pollution
Moderate
CVE-2023-0842
was published
for
xml2js
(npm)
Apr 5, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
Moderate
CVE-2020-19698
was published
for
editor.md
(npm)
Apr 4, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Moderate
CVE-2020-19697
was published
for
editor.md
(npm)
Apr 4, 2023
Directus API vulnerable to denial of service
Moderate
CVE-2020-19850
was published
for
directus
(npm)
Apr 4, 2023
angular vulnerable to regular expression denial of service via the $resource service
Moderate
CVE-2023-26117
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility
Moderate
CVE-2023-26116
was published
for
angular
(npm)
Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element
Moderate
CVE-2023-26118
was published
for
angular
(npm)
Mar 30, 2023
directus vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2023-28443
was published
for
directus
(npm)
Mar 23, 2023
Server-Side Request Forgery in Request
Moderate
CVE-2023-28155
was published
for
@cypress/request
(npm)
Mar 16, 2023
Directus vulnerable to extraction of password hashes through export querying
Moderate
CVE-2023-27481
was published
for
directus
(npm)
Mar 8, 2023
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Moderate
CVE-2023-26108
was published
for
@nestjs/core
(npm)
Mar 6, 2023
Directus vulnerable to Server-Side Request Forgery On File Import
Moderate
CVE-2023-26492
was published
for
directus
(npm)
Mar 3, 2023
OpenZeppelin Contracts contains Incorrect Calculation
Moderate
CVE-2023-26488
was published
for
@openzeppelin/contracts
(npm)
Mar 3, 2023
ProTip!
Advisories are also available from the
GraphQL API