Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution Critical
CVE-2023-39532 was published for ses (npm) Aug 9, 2023
corrideat
xmldom allows multiple root nodes in a DOM Critical
CVE-2022-39353 was published for @xmldom/xmldom (npm) Nov 1, 2022
frumioj karfau
kurt-r2c
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne kurt-r2c
isolated-vm has vulnerable CachedDataOptions in API Critical
CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022
hedgehog80
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter Critical
CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022
mgabeler-lee-6rs
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
aried3r feross
linux-cmdline is vulnerable to Prototype Pollution via the constructor Critical
CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
HashBrown CMS RCE Critical
CVE-2020-6948 was published for hashbrown-cms (npm) May 24, 2022
Improper Input Validation in Deap Critical
CVE-2018-3749 was published for deap (npm) May 14, 2022
Etherpad Lite Access Restriction Bypass Critical
CVE-2018-6835 was published for ep_etherpad-lite (npm) May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Remote Code Execution in npm-groovy-lint Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
Arbitrary Command Injection Critical
CVE-2021-23399 was published for wincred (npm) Jun 29, 2021
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Validation bypass in jpv Critical
CVE-2020-17479 was published for jpv (npm) May 6, 2021
Improper parsing of octal bytes in netmask Critical
CVE-2021-28918 was published for netmask (npm) Apr 14, 2021
Remote code execution in mongo-express Critical
CVE-2020-24391 was published for mongodb-query-parser (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Prefix escape Critical
CVE-2021-21321 was published for fastify-reply-from (npm) Mar 3, 2021
Command Injection in npm-programmatic Critical
CVE-2020-7614 was published for npm-programmatic (npm) Apr 23, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Improper Input Validation in Automattic Mongoose Critical
CVE-2019-17426 was published for mongoose (npm) Oct 22, 2019
wyardley
ProTip! Advisories are also available from the GraphQL API