GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
960 advisories
Filter by severity
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
Soketi was exposed to Sandbox Escape vulnerability via vm2
Critical
GHSA-g6w6-h933-4rc5
was published
for
@soketi/soketi
(npm)
Aug 3, 2023
Anyone with a share link can RESET all website data in Umami
Critical
GHSA-8www-cffh-4q98
was published
for
umami
(npm)
Jul 28, 2023
Path traversal and code execution via prototype vulnerability
Critical
CVE-2023-26045
was published
for
nodebb
(npm)
Jul 25, 2023
Mongoose Prototype Pollution vulnerability
Critical
CVE-2023-3696
was published
for
mongoose
(npm)
Jul 17, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical
CVE-2023-2507
was published
for
clevertap-cordova
(npm)
Jul 15, 2023
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
jsreport vulnerable to code injection
Critical
CVE-2023-2583
was published
for
jsreport
(npm)
May 8, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
Prototype Pollution in vConsole
Critical
CVE-2023-30363
was published
for
vconsole
(npm)
Apr 26, 2023
Remote code execution in dawnsparks-node-tesseract
Critical
CVE-2023-29566
was published
for
dawnsparks-node-tesseract
(npm)
Apr 24, 2023
Remote code execution in broccoli-compass
Critical
CVE-2023-27848
was published
for
broccoli-compass
(npm)
Apr 24, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical
CVE-2023-26122
was published
for
safe-eval
(npm)
Apr 11, 2023
ProTip!
Advisories are also available from the
GraphQL API