Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Shescape potential environment variable exposure on Windows with CMD Low
CVE-2023-35931 was published for shescape (npm) Jun 22, 2023
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
Possible prototype pollution in metadata record, when using meta decorator Low
CVE-2023-30857 was published for @aedart/support (npm) May 1, 2023
sweetalert2 v11.6.14 and above contains potentially undesirable behavior Low
GHSA-mrr8-v49w-3333 was published for sweetalert2 (npm) Jul 10, 2023
Next.js missing cache-control header may lead to CDN caching empty reply Low
CVE-2023-46298 was published for next (npm) Oct 22, 2023
medikoo
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms Low
CVE-2023-38700 was published for matrix-appservice-irc (npm) Aug 4, 2023
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability Low
CVE-2023-48711 was published for google-translate-api-browser (npm) Nov 27, 2023
PinkDraconian
fast-xml-parser regex vulnerability patch could be improved from a safety perspective Low
GHSA-gpv5-7x3g-ghjv was published for fast-xml-parser (npm) Jun 15, 2023
juliangilbey
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
Undici's cookie header not cleared on cross-origin redirect in fetch Low
CVE-2023-45143 was published for undici (npm) Oct 16, 2023
ranjit-git KhafraDev
mcollina
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev SCH227
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory Low
CVE-2024-27094 was published for @openzeppelin/contracts (npm) Feb 29, 2024
rholterhus
lambda-middleware Inefficient Regular Expression Complexity vulnerability Low
CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) Feb 12, 2024
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin Low
GHSA-68c2-4mpx-qh95 was published for @sentry/react-native (npm) Mar 1, 2024
Session Token in URL in directus Low
CVE-2024-28238 was published for directus (npm) Mar 12, 2024
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath SamHutchins-Sage
Prototype pollution in emit function Low
GHSA-82jv-9wjw-pqh6 was published for derby (npm) Apr 17, 2024
chluo1997
Enabling Authentication does not close all logged in socket connections immediately Low
GHSA-23q2-5gf8-gjpp was published for uptime-kuma (npm) Apr 19, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect Low
CVE-2024-30261 was published for undici (npm) Apr 4, 2024
Uzlopak
Undici proxy-authorization header not cleared on cross-origin redirect in fetch Low
CVE-2024-24758 was published for undici (npm) Feb 16, 2024
T1m0n0 mcollina
Firebase vulnerable to CRSF attack Low
CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
Local File Inclusion vulnerability in zmarkdown Low
GHSA-mq6v-w35g-3c97 was published for zmarkdown (npm) Feb 3, 2024
gustavi
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database