Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Loading
Prototype Pollution in node-forge util.setPath API Low
GHSA-wxgw-qj99-44c2 was published for node-forge (npm) Jan 8, 2022
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
Hidden functionality in node-ipc Low
GHSA-8gr3-2gjw-jj7g was published for node-ipc (npm) Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable Low
GHSA-7j52-6fjp-58gr was published for @openzeppelin/contracts-upgradeable (npm) Mar 14, 2022
ircdkit vulnerable to Denial of Service due to unhandled connection end event Low
GHSA-f7r3-p866-q9qr was published for ircdkit (npm) Jun 3, 2019
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison Low
GHSA-c35v-qwqg-87jc was published for express-basic-auth (npm) Jun 6, 2019
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
kurt-r2c
personnummer/js vulnerable to Improper Input Validation Low
GHSA-vpgc-7h78-gx8f was published for personnummer (npm) Sep 4, 2020
Command Injection in moment-timezone Low
GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) Aug 30, 2022
scovetta
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled Low
CVE-2022-29247 was published for electron (npm) Jun 16, 2022
TheGrandPew msrkp
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
Unprotected dynamically loaded chunks Low
CVE-2020-15262 was published for webpack-subresource-integrity (npm) Oct 19, 2020
Denial of service in fast-csv Low
CVE-2020-26256 was published for @fast-csv/parse (npm) Dec 8, 2020
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database