Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
PostCSS line return parsing error Moderate
CVE-2023-44270 was published for postcss (npm) Sep 30, 2023
DCKcode
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
@keystone-6/core's NODE_ENV defaults to development with esbuild Critical
CVE-2022-39382 was published for @keystone-6/core (npm) Nov 3, 2022
acburdine
Valine code injection vulnerability Critical
CVE-2022-38545 was published for valine (npm) Sep 20, 2022
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Shescape vulnerable to insufficient escaping of whitespace Critical
CVE-2022-31180 was published for shescape (npm) Jul 15, 2022
kurt-r2c
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
ProTip! Advisories are also available from the GraphQL API