GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
mysql2 cache poisoning vulnerability
Moderate
CVE-2024-21507
was published
for
mysql2
(npm)
Apr 10, 2024
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
swagger-ui
(npm)
Mar 12, 2022
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
Cache Poisoning Vulnerability
Moderate
CVE-2024-29042
was published
for
translate
(npm)
Mar 22, 2024
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
Denial of Service Vulnerability in next.js
Moderate
CVE-2022-21721
was published
for
next
(npm)
Jan 28, 2022
Cube API denial of service attack
Moderate
CVE-2023-50709
was published
for
@cubejs-backend/api-gateway
(npm)
Dec 13, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
Improper Input Validation in nocodb
Moderate
CVE-2023-5104
was published
for
nocodb
(npm)
Sep 21, 2023
Invalid push request payload crashes Parse Server
Moderate
CVE-2023-32688
was published
for
parse-server-push-adapter
(npm)
May 22, 2023
Improper Input Validation in vriteio/vrite
Moderate
CVE-2023-5571
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Auth0 angular-jwt misinterprets allowlist as regex
Moderate
CVE-2018-11537
was published
for
angular-jwt
(npm)
May 14, 2022
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
netmask npm package mishandles octal input data
Moderate
CVE-2021-29418
was published
for
netmask
(npm)
Mar 29, 2021
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
Leading white space bypasses protocol validation
Moderate
CVE-2022-24723
was published
for
urijs
(npm)
Mar 3, 2022
Improper Input Validation in SocksJS-Node
Moderate
CVE-2020-7693
was published
for
sockjs
(npm)
Apr 13, 2021
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26540
was published
for
sanitize-html
(npm)
May 6, 2021
Hostname spoofing via backslashes in URL
Moderate
CVE-2020-26291
was published
for
urijs
(npm)
Dec 30, 2020
ProTip!
Advisories are also available from the
GraphQL API