GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Prototype Pollution in node-forge debug API.
Low
GHSA-5rrq-pxf6-6jx5
was published
for
node-forge
(npm)
Jan 8, 2022
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces
Low
CVE-2018-1109
was published
for
braces
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
Withdrawn: Arbitrary code execution in lodash
Low
Unreviewed
CVE-2021-41720
was published
for
lodash
(npm)
Dec 3, 2021
ERC1155Supply vulnerability in OpenZeppelin Contracts
Low
GHSA-wmpv-c2jp-j2xg
was published
for
@openzeppelin/contracts
(npm)
Nov 15, 2021
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name
Low
GHSA-q324-q795-2q5p
was published
for
@redocly/openapi-cli
(npm)
Oct 12, 2021
Command injection in @diez/generation
Low
CVE-2021-32830
was published
for
@diez/generation
(npm)
Sep 2, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Low
GHSA-xh2p-7p87-fhgh
was published
for
@liquity/contracts
(npm)
Aug 5, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
User content sandbox can be confused into opening arbitrary documents
Low
CVE-2021-21320
was published
for
matrix-react-sdk
(npm)
Mar 3, 2021
Path traversal in Node-Red
Low
CVE-2021-21298
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Regex denial of service vulnerability in codesample plugin
Low
GHSA-h96f-fc7c-9r55
was published
for
tinymce
(npm)
Jan 6, 2021
Parse Server stores password in plain text
Low
CVE-2020-26288
was published
for
parse-server
(npm)
Dec 28, 2020
ProTip!
Advisories are also available from the
GraphQL API