GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
ReDOS vulnerabities: multiple grammars
Moderate
GHSA-7wwv-vh3v-89cq
was published
for
@highlightjs/cdn-assets
(npm)
Dec 4, 2020
Improper Input Validation in url-js
Moderate
CVE-2022-25839
was published
for
url-js
(npm)
Mar 12, 2022
Improper Input Validation in strapi
Moderate
CVE-2020-13961
was published
for
strapi
(npm)
May 24, 2022
AutoUpdater module fails to validate certain nested components of the bundle
Moderate
CVE-2022-29257
was published
for
electron
(npm)
Jun 16, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util
Moderate
CVE-2019-10806
was published
for
vega-util
(npm)
May 7, 2021
Improper Input Validation in Google Closure Library
Moderate
CVE-2020-8910
was published
for
google-closure-library
(npm)
May 7, 2021
Improper beacon events in matrix-js-sdk can result in availability issues
Moderate
CVE-2022-39236
was published
for
matrix-js-sdk
(npm)
Sep 29, 2022
Improper Validation and Sanitization in url-parse
Moderate
CVE-2020-8124
was published
for
url-parse
(npm)
Jan 6, 2022
Hostname spoofing via backslashes in URL
Moderate
CVE-2020-26291
was published
for
urijs
(npm)
Dec 30, 2020
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26540
was published
for
sanitize-html
(npm)
May 6, 2021
Improper Input Validation in SocksJS-Node
Moderate
CVE-2020-7693
was published
for
sockjs
(npm)
Apr 13, 2021
Leading white space bypasses protocol validation
Moderate
CVE-2022-24723
was published
for
urijs
(npm)
Mar 3, 2022
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
netmask npm package mishandles octal input data
Moderate
CVE-2021-29418
was published
for
netmask
(npm)
Mar 29, 2021
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
Auth0 angular-jwt misinterprets allowlist as regex
Moderate
CVE-2018-11537
was published
for
angular-jwt
(npm)
May 14, 2022
Improper Input Validation in vriteio/vrite
Moderate
CVE-2023-5571
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Invalid push request payload crashes Parse Server
Moderate
CVE-2023-32688
was published
for
parse-server-push-adapter
(npm)
May 22, 2023
Improper Input Validation in nocodb
Moderate
CVE-2023-5104
was published
for
nocodb
(npm)
Sep 21, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
ProTip!
Advisories are also available from the
GraphQL API