GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
isolated-vm has vulnerable CachedDataOptions in API
Critical
CVE-2022-39266
was published
for
isolated-vm
(npm)
Sep 30, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical
CVE-2022-35942
was published
for
loopback-connector-postgresql
(npm)
Aug 11, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical
CVE-2022-35924
was published
for
next-auth
(npm)
Aug 2, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Critical
CVE-2020-7704
was published
for
linux-cmdline
(npm)
May 24, 2022
Etherpad Lite Access Restriction Bypass
Critical
CVE-2018-6835
was published
for
ep_etherpad-lite
(npm)
May 13, 2022
Nuclide Improper Input Validation
Critical
CVE-2018-6333
was published
for
nuclide
(npm)
May 13, 2022
Remote Code Execution in npm-groovy-lint
Critical
GHSA-qc22-qwm9-j8rx
was published
for
npm-groovy-lint
(npm)
Dec 20, 2021
Improper parsing of octal bytes in netmask
Critical
CVE-2021-28918
was published
for
netmask
(npm)
Apr 14, 2021
Remote code execution in mongo-express
Critical
CVE-2020-24391
was published
for
mongodb-query-parser
(npm)
Apr 13, 2021
Improper Input Validation in network-manager
Critical
CVE-2019-10786
was published
for
network-manager
(npm)
Apr 13, 2021
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10769
was published
for
safer-eval
(npm)
Dec 11, 2019
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
Validation Bypass in slp-validate
Critical
CVE-2019-16761
was published
for
slp-validate
(npm)
Nov 15, 2019
ProTip!
Advisories are also available from the
GraphQL API