GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
Hardening of TypedArrays with non-canonical numeric property names in SES
Low
GHSA-whpx-q3rq-w8jc
was published
for
ses
(npm)
Oct 20, 2022
Incorrect default cookie name and recommendation
Low
GHSA-jjmg-x456-w976
was published
for
csrf-csrf
(npm)
Oct 10, 2022
parse-server auth adapter app ID validation can be circumvented
Low
CVE-2022-39231
was published
for
parse-server
(npm)
Sep 21, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low
CVE-2022-36036
was published
for
mdx-mermaid
(npm)
Aug 31, 2022
Command Injection in moment-timezone
Low
GHSA-56x4-j7p9-fcf9
was published
for
moment-timezone
(npm)
Aug 30, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low
CVE-2022-31186
was published
for
next-auth
(npm)
Aug 6, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Low
CVE-2022-29247
was published
for
electron
(npm)
Jun 16, 2022
Regular expression denial of service in semver-regex
Low
CVE-2021-43307
was published
for
semver-regex
(npm)
Jun 3, 2022
Regular expression denial of service in markdown-link-extractor
Low
CVE-2021-43308
was published
for
markdown-link-extractor
(npm)
Jun 3, 2022
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jQuery.Validation
(npm)
Jun 3, 2022
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Low
CVE-2021-20066
was published
for
jsdom
(npm)
May 24, 2022
•
withdrawn
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low
CVE-2016-1000021
was published
for
cli
(npm)
May 24, 2022
•
withdrawn
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Prototype Pollution in node-forge debug API.
Low
GHSA-5rrq-pxf6-6jx5
was published
for
node-forge
(npm)
Jan 8, 2022
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces
Low
CVE-2018-1109
was published
for
braces
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
ProTip!
Advisories are also available from the
GraphQL API