GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
Switcher Client contains Regular Expression Denial of Service (ReDoS)
High
CVE-2023-23925
was published
for
switcher-client
(npm)
Feb 2, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
High
CVE-2022-39386
was published
for
@fastify/websocket
(npm)
Nov 7, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179
was published
for
shescape
(npm)
Jul 15, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Improper Certificate Validation in node-sass
Moderate
CVE-2020-24025
was published
for
node-sass
(npm)
Feb 9, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Remote command injection when using sendmail email transport
Moderate
GHSA-wfrj-qqc2-83cm
was published
for
ghost
(npm)
Sep 20, 2021
XSS in Image Optimization API for Next.js
High
CVE-2021-39178
was published
for
next
(npm)
Sep 1, 2021
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
Arbitrary Code Execution in json-ptr
High
CVE-2020-7766
was published
for
json-ptr
(npm)
May 10, 2021
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
Prototype Pollution in asciitable.js
Critical
CVE-2020-7771
was published
for
asciitable.js
(npm)
Apr 13, 2021
Cross-Site Scripting in swagger-ui
Moderate
GHSA-4f9m-pxwh-68hg
was published
for
swagger-ui
(npm)
Sep 11, 2020
Cross-Site Scripting in diagram-js
Moderate
GHSA-8fw4-xh83-3j6q
was published
for
diagram-js
(npm)
Sep 11, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Regular Expression Denial of Service in papaparse
High
GHSA-qvjc-g5vr-mfgr
was published
for
papaparse
(npm)
Sep 4, 2020
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API