GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
144 advisories
Filter by severity
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
Prototype Pollution in node-forge debug API.
Low
GHSA-5rrq-pxf6-6jx5
was published
for
node-forge
(npm)
Jan 8, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low
CVE-2016-1000021
was published
for
cli
(npm)
May 24, 2022
•
withdrawn
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Low
CVE-2021-20066
was published
for
jsdom
(npm)
May 24, 2022
•
withdrawn
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jQuery.Validation
(npm)
Jun 3, 2022
Regular expression denial of service in markdown-link-extractor
Low
CVE-2021-43308
was published
for
markdown-link-extractor
(npm)
Jun 3, 2022
Regular expression denial of service in semver-regex
Low
CVE-2021-43307
was published
for
semver-regex
(npm)
Jun 3, 2022
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Low
CVE-2022-29247
was published
for
electron
(npm)
Jun 16, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low
CVE-2022-31186
was published
for
next-auth
(npm)
Aug 6, 2022
Command Injection in moment-timezone
Low
GHSA-56x4-j7p9-fcf9
was published
for
moment-timezone
(npm)
Aug 30, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low
CVE-2022-36036
was published
for
mdx-mermaid
(npm)
Aug 31, 2022
parse-server auth adapter app ID validation can be circumvented
Low
CVE-2022-39231
was published
for
parse-server
(npm)
Sep 21, 2022
Incorrect default cookie name and recommendation
Low
GHSA-jjmg-x456-w976
was published
for
csrf-csrf
(npm)
Oct 10, 2022
Hardening of TypedArrays with non-canonical numeric property names in SES
Low
GHSA-whpx-q3rq-w8jc
was published
for
ses
(npm)
Oct 20, 2022
sweetalert2 v11.4.9 and above contains hidden functionality
Low
GHSA-qq6h-5g6j-q3cm
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality
Low
GHSA-457r-cqc8-9vj9
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality
Low
GHSA-pg98-6v7f-2xfv
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v8.19.1 and above contains hidden functionality
Low
GHSA-8jh9-wqpf-q52c
was published
for
sweetalert2
(npm)
Nov 23, 2022
ProTip!
Advisories are also available from the
GraphQL API