GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
Remote Code Execution in pi_video_recording
High
GHSA-9wjh-jr2j-6r4x
was published
for
pi_video_recording
(npm)
Sep 2, 2020
File restriction bypass in socket.io-file
High
GHSA-6495-8jvh-f28x
was published
for
socket.io-file
(npm)
Oct 2, 2020
Remote Code Execution in office-converter
High
GHSA-9p64-h5q4-phpm
was published
for
office-converter
(npm)
Sep 2, 2020
Remote Code Execution in pomelo-monitor
High
GHSA-m5ch-gx8g-rg73
was published
for
pomelo-monitor
(npm)
Sep 2, 2020
gatsby-transformer-remark has possible unsanitized JavaScript code injection
High
CVE-2023-22491
was published
for
gatsby-transformer-remark
(npm)
Jan 11, 2023
Regular Expression Denial-of-Service in npm schema-inspector
High
CVE-2021-21267
was published
for
schema-inspector
(npm)
Mar 19, 2021
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
jsonwebtoken has insecure input validation in jwt.verify function
High
CVE-2022-23529
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
•
withdrawn
cumulative-distribution-function Infinite Loop vulnerability
High
CVE-2021-29486
was published
for
cumulative-distribution-function
(npm)
May 4, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
High
CVE-2022-31170
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
TaffyDB can allow access to any data items in the DB
High
CVE-2019-10790
was published
for
taffy
(npm)
Feb 19, 2020
Regular Expression Denial of Service in csv-parse
High
CVE-2019-17592
was published
for
csv-parse
(npm)
Oct 15, 2019
Improper Input Validation in sails-hook-sockets
High
CVE-2018-21036
was published
for
sails-hook-sockets
(npm)
Jul 24, 2020
ProTip!
Advisories are also available from the
GraphQL API