Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Hostname spoofing via backslashes in URL Moderate
CVE-2020-26291 was published for urijs (npm) Dec 30, 2020
alesandroortiz
netmask npm package mishandles octal input data Moderate
CVE-2021-29418 was published for netmask (npm) Mar 29, 2021
Improper Input Validation in SocksJS-Node Moderate
CVE-2020-7693 was published for sockjs (npm) Apr 13, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
Improper Input Validation in sanitize-html Moderate
CVE-2021-26540 was published for sanitize-html (npm) May 6, 2021
Improper Input Validation in Google Closure Library Moderate
CVE-2020-8910 was published for google-closure-library (npm) May 7, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
Improper Validation and Sanitization in url-parse Moderate
CVE-2020-8124 was published for url-parse (npm) Jan 6, 2022
Denial of Service Vulnerability in next.js Moderate
CVE-2022-21721 was published for next (npm) Jan 28, 2022
ijjk
Leading white space bypasses protocol validation Moderate
CVE-2022-24723 was published for urijs (npm) Mar 3, 2022
P0cas
Improper Input Validation in url-js Moderate
CVE-2022-25839 was published for url-js (npm) Mar 12, 2022
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for swagger-ui (npm) Mar 12, 2022
Auth0 angular-jwt misinterprets allowlist as regex Moderate
CVE-2018-11537 was published for angular-jwt (npm) May 14, 2022
Improper Input Validation in strapi Moderate
CVE-2020-13961 was published for strapi (npm) May 24, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Improper beacon events in matrix-js-sdk can result in availability issues Moderate
CVE-2022-39236 was published for matrix-js-sdk (npm) Sep 29, 2022
Invalid push request payload crashes Parse Server Moderate
CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023
dblythy mtrezza
matrix-appservice-irc IRC command injection via admin commands containing newlines Moderate
CVE-2023-38690 was published for matrix-appservice-irc (npm) Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API