Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
personnummer/js vulnerable to Improper Input Validation Low
GHSA-vpgc-7h78-gx8f was published for personnummer (npm) Sep 4, 2020
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
ziviseal
Incorrect Calculation in bigint-money Low
GHSA-9r3m-mhfm-39cm was published for bigint-money (npm) Sep 11, 2020
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
Context isolation bypass in Electron Low
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
Regular Expression Denial of Service in npm-user-validate Low
GHSA-xgh6-85xh-479p was published for npm-user-validate (npm) Oct 16, 2020
Unprotected dynamically loaded chunks Low
CVE-2020-15262 was published for webpack-subresource-integrity (npm) Oct 19, 2020
Denial of service in fast-csv Low
CVE-2020-26256 was published for @fast-csv/parse (npm) Dec 8, 2020
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
Regex denial of service vulnerability in codesample plugin Low
GHSA-h96f-fc7c-9r55 was published for tinymce (npm) Jan 6, 2021
Token verification bug in next-auth Low
CVE-2021-21310 was published for next-auth (npm) Feb 11, 2021
AlessandroA balazsorban44
iaincollins
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
User content sandbox can be confused into opening arbitrary documents Low
CVE-2021-21320 was published for matrix-react-sdk (npm) Mar 3, 2021
keerok
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode Low
GHSA-xh2p-7p87-fhgh was published for @liquity/contracts (npm) Aug 5, 2021
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name Low
GHSA-q324-q795-2q5p was published for @redocly/openapi-cli (npm) Oct 12, 2021
edkelly-ovo
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
ERC1155Supply vulnerability in OpenZeppelin Contracts Low
GHSA-wmpv-c2jp-j2xg was published for @openzeppelin/contracts (npm) Nov 15, 2021
ChainSecurityAudits
Withdrawn: Arbitrary code execution in lodash Low Unreviewed
CVE-2021-41720 was published for lodash (npm) Dec 3, 2021
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
Regular Expression Denial of Service (ReDoS) in braces Low
CVE-2018-1109 was published for braces (npm) Jan 6, 2022
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database