GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
162 advisories
Filter by severity
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
sweetalert2 v8.19.1 and above contains hidden functionality
Low
GHSA-8jh9-wqpf-q52c
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality
Low
GHSA-pg98-6v7f-2xfv
was published
for
sweetalert2
(npm)
Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality
Low
GHSA-457r-cqc8-9vj9
was published
for
sweetalert2
(npm)
Nov 23, 2022
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Low
GHSA-f7r3-p866-q9qr
was published
for
ircdkit
(npm)
Jun 3, 2019
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Low
GHSA-c35v-qwqg-87jc
was published
for
express-basic-auth
(npm)
Jun 6, 2019
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
personnummer/js vulnerable to Improper Input Validation
Low
GHSA-vpgc-7h78-gx8f
was published
for
personnummer
(npm)
Sep 4, 2020
Command Injection in moment-timezone
Low
GHSA-56x4-j7p9-fcf9
was published
for
moment-timezone
(npm)
Aug 30, 2022
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Low
CVE-2022-29247
was published
for
electron
(npm)
Jun 16, 2022
parse-server auth adapter app ID validation can be circumvented
Low
CVE-2022-39231
was published
for
parse-server
(npm)
Sep 21, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low
CVE-2022-31186
was published
for
next-auth
(npm)
Aug 6, 2022
Regular expression denial of service in markdown-link-extractor
Low
CVE-2021-43308
was published
for
markdown-link-extractor
(npm)
Jun 3, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low
CVE-2022-36036
was published
for
mdx-mermaid
(npm)
Aug 31, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
Environment Variable Injection in GitHub Actions
Low
CVE-2020-15228
was published
for
@actions/core
(npm)
Oct 1, 2020
Unprotected dynamically loaded chunks
Low
CVE-2020-15262
was published
for
webpack-subresource-integrity
(npm)
Oct 19, 2020
Denial of service in fast-csv
Low
CVE-2020-26256
was published
for
@fast-csv/parse
(npm)
Dec 8, 2020
Regular Expression Denial of Service (ReDoS) in braces
Low
CVE-2018-1109
was published
for
braces
(npm)
Jan 6, 2022
Parse Server stores password in plain text
Low
CVE-2020-26288
was published
for
parse-server
(npm)
Dec 28, 2020
ProTip!
Advisories are also available from the
GraphQL API