
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,466 advisories

Unauthenticated Denial of Service in the octokit/webhooks library High
CVE-2023-50728 was published for @octokit/app (npm) Dec 16, 2023
SSRF & Credentials Leak High
CVE-2023-49799 was published for nuxt-api-party (npm) Dec 12, 2023
OhB00
Overly permissive origin policy High
CVE-2023-49803 was published for @koa/cors (npm) Dec 11, 2023
PawelJ-PL
DOS by abusing `fetchOptions.retry`. High
CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023
OhB00
Directory Traversal in evershop High
CVE-2023-46496 was published for @evershop/evershop (npm) Dec 8, 2023
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
sequelize-typescript Prototype Pollution vulnerability High
CVE-2023-6293 was published for sequelize-typescript (npm) Nov 24, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
sharp vulnerability in libwebp dependency CVE-2023-4863 High
GHSA-54xq-cgqr-rpm3 was published for sharp (npm) Nov 16, 2023
Prototype Pollution(PP) vulnerability in setByPath High
CVE-2023-45827 was published for @clickbar/dot-diver (npm) Nov 3, 2023
d3ng03 GAP-dev
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz innerdvations
derrickmehaffy christiancp100
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack High
CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023
roadicing ljharb
katzj
Inefficient Regular Expression Complexity in node-email-check High
CVE-2023-39619 was published for node-email-check (npm) Oct 25, 2023
matveybaykalov
Parse Server may crash when uploading file without extension High
CVE-2023-46119 was published for parse-server (npm) Oct 24, 2023
chriscborg mtrezza
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Directus crashes on invalid WebSocket message High
CVE-2023-45820 was published for directus (npm) Oct 19, 2023
nles
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Uptime Kuma has Persistent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Zod denial of service vulnerability during email validation High
GHSA-mvrp-3cvx-c325 was published for express-zod-api (npm) Oct 4, 2023
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
Electron affected by libvpx's heap buffer overflow in vp8 encoding High
CVE-2023-5217 was published for electron (npm) Sep 28, 2023
janparisek Tech-TTGames