GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,466 advisories

@napi-rs/image affected by libwebp CVE High
GHSA-4vjr-crvh-383h was published for @napi-rs/image (npm) Sep 27, 2023
delroth
Chaijs/get-func-name vulnerable to ReDoS High
CVE-2023-43646 was published for get-func-name (npm) Sep 27, 2023
GAP-dev keithamus
FUXA local file inclusion vulnerability High
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA vulnerable to Local File Inclusion High
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
FUXA SQL Injection vulnerability High
CVE-2023-31717 was published for fuxa-server (npm) Sep 22, 2023
Directus affected by VM2 sandbox escape vulnerability High
GHSA-22rr-f3p8-5gf8 was published for directus (npm) Sep 15, 2023
ganlhi Swatto
leesh3288
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer High
CVE-2023-41058 was published for parse-server (npm) Sep 4, 2023
Moumouls mtrezza
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS) High
CVE-2023-39663 was published for mathjax (npm) Aug 29, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
Unsanitized user controlled input in module generation High
GHSA-f8pq-3926-8gx5 was published for @opentelemetry/instrumentation (npm) Aug 9, 2023
Qard
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
pnpm incorrectly parses tar archives relative to specification High
CVE-2023-37478 was published for @pnpm/cafs (npm) Aug 1, 2023
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Unsafe plugins can be installed via pack import by tenant admins High
GHSA-wxf3-4fvj-vqqx was published for @saltcorn/cli (npm) Jul 27, 2023
pyhedgehog
DoS vulnerability for apps with sockets enabled High
CVE-2023-38504 was published for sails (npm) Jul 27, 2023
ThomasRinsma DominusKelvin
eashaw
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 derrickmehaffy
innerdvations Marc-Roig Bassel17
Feathers socket handler allows abusing implicit toString High
CVE-2023-37899 was published for @feathersjs/socketio (npm) Jul 20, 2023
CodeanIO
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
is_js vulnerable to Regular Expression Denial of Service High
CVE-2020-26302 was published for is_js (npm) Jul 6, 2023