GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
URIjs Hostname spoofing via backslashes in URL
High
CVE-2021-27516
was published
for
urijs
(npm)
Mar 1, 2021
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
Prototype pollution in object-path
High
CVE-2020-15256
was published
for
object-path
(npm)
Oct 19, 2020
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
import-in-the-middle has unsanitized user controlled input in module generation
High
CVE-2023-38704
was published
for
import-in-the-middle
(npm)
Aug 8, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
decode-uri-component vulnerable to Denial of Service (DoS)
High
CVE-2022-38900
was published
for
decode-uri-component
(npm)
Nov 28, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High
CVE-2018-1000136
was published
for
electron
(npm)
Mar 26, 2018
Header Forgery in http-signature
High
CVE-2017-16005
was published
for
http-signature
(npm)
Nov 9, 2018
ejs vulnerable to DoS due to weak input validation
High
CVE-2017-1000189
was published
for
ejs
(npm)
Mar 5, 2018
Denial of service vulnerability exists in libxmljs
High
CVE-2022-21144
was published
for
libxmljs
(npm)
May 3, 2022
is-http2 vulnerable to Improper Input Validation
High
CVE-2022-25906
was published
for
is-http2
(npm)
Feb 1, 2023
Validation bypass in frourio-express
High
CVE-2022-23624
was published
for
frourio-express
(npm)
Feb 7, 2022
ProTip!
Advisories are also available from the
GraphQL API