GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
Privilege escalation in mysql-connector-jav
Moderate
CVE-2019-2692
was published
for
mysql:mysql-connector-java
(Maven)
Jul 1, 2020
Passing in a non-string 'html' argument can lead to unsanitized output
Moderate
CVE-2021-32696
was published
for
striptags
(npm)
Jun 18, 2021
Prototype Pollution in object-path
Moderate
CVE-2021-23434
was published
for
object-path
(npm)
Sep 1, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s
Moderate
CVE-2021-39219
was published
for
wasmtime
(pip)
Sep 20, 2021
Cross-site Scripting in edge.js
Moderate
CVE-2021-23443
was published
for
edge.js
(npm)
Sep 22, 2021
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Prototype Pollution in json-ptr
Moderate
CVE-2021-23509
was published
for
json-ptr
(npm)
Nov 8, 2021
Prototype Pollution in node-jsonpointer
Moderate
CVE-2021-23807
was published
for
jsonpointer
(npm)
Nov 8, 2021
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in...
Moderate
Unreviewed
CVE-2021-40037
was published
Jan 11, 2022
Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug...
Moderate
Unreviewed
CVE-2021-44647
was published
Jan 12, 2022
`CHECK`-failures in binary ops in Tensorflow
Moderate
CVE-2022-23583
was published
for
tensorflow
(pip)
Feb 10, 2022
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to...
Moderate
Unreviewed
CVE-2012-4512
was published
Apr 23, 2022
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac,...
Moderate
Unreviewed
CVE-2017-5094
was published
May 13, 2022
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing...
Moderate
Unreviewed
CVE-2011-2875
was published
May 13, 2022
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a...
Moderate
Unreviewed
CVE-2019-19391
was published
May 24, 2022
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2019-13730
was published
May 24, 2022
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2019-13764
was published
May 24, 2022
Multiple memory corruption issues were addressed with improved memory handling. This issue is...
Moderate
Unreviewed
CVE-2019-8597
was published
May 24, 2022
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2020-6382
was published
May 24, 2022
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2020-6383
was published
May 24, 2022
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2020-6418
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API