Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,411 advisories

Loading
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Cross-site Scripting in electron-pdf High
CVE-2024-1648 was published for electron-pdf (npm) Feb 20, 2024
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` High
GHSA-w4hv-vmv9-hgcr was published for @scrypted/core (npm) Feb 16, 2024
Kwstubbs
angular vulnerable to super-linear runtime due to backtracking High
CVE-2024-21490 was published for angular (Maven) Feb 10, 2024
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. High
CVE-2023-51838 was published for meshcentral (npm) Feb 2, 2024
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability High
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024
phryneas IkeMurami
peakematt
@urql/next Cross-site Scripting vulnerability High
CVE-2024-24556 was published for @urql/next (npm) Jan 30, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability High
CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) Jan 30, 2024
phryneas
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
MeshCentral algorithm-downgrade issue High
CVE-2023-51842 was published for meshcentral (npm) Jan 29, 2024
Sending a GET or HEAD request with a body crashes SvelteKit High
CVE-2024-23641 was published for @sveltejs/adapter-node (npm) Jan 24, 2024
kamerat Rich-Harris
Conduitry dominikg benmccann
SPV Merkle proof malleability allows the maintainer to prove invalid transactions High
GHSA-wg2x-rv86-mmpx was published for @keep-network/tbtc-v2 (npm) Jan 19, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
EverShop vulnerable to improper authorization in GraphQL endpoints High
CVE-2023-46942 was published for @evershop/evershop (npm) Jan 13, 2024
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
Miniflare vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2023-7078 was published for miniflare (npm) Dec 29, 2023
Lekensteyn
msgpackr's conversion of property names to strings can trigger infinite recursion High
CVE-2023-52079 was published for msgpackr (npm) Dec 28, 2023
o5k
Sentry's Astro SDK vulnerable to ReDoS High
CVE-2023-50249 was published for @sentry/astro (npm) Dec 18, 2023
Unauthenticated Denial of Service in the octokit/webhooks library High
CVE-2023-50728 was published for @octokit/app (npm) Dec 16, 2023
SSRF & Credentials Leak High
CVE-2023-49799 was published for nuxt-api-party (npm) Dec 12, 2023
OhB00
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
ProTip! Advisories are also available from the GraphQL API