Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

69 advisories

Loading
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle High
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
Insufficient validation when decoding a Socket.IO packet High
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
@discordjs/opus vulnerable to Denial of Service High
CVE-2024-21521 was published for @discordjs/opus (npm) Jul 10, 2024
vladfrangu
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation High
CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Joplin Remote Code Execution High
CVE-2022-40277 was published for joplin (npm) Oct 1, 2022
Unexpected server crash in Next.js. High
CVE-2021-43803 was published for next (npm) Dec 7, 2021
medikoo
Sending a GET or HEAD request with a body crashes SvelteKit High
CVE-2024-23641 was published for @sveltejs/adapter-node (npm) Jan 24, 2024
kamerat Rich-Harris
Conduitry dominikg benmccann
URIjs Hostname spoofing via backslashes in URL High
CVE-2021-27516 was published for urijs (npm) Mar 1, 2021
Yaniv-git
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Prototype pollution in object-path High
CVE-2020-15256 was published for object-path (npm) Oct 19, 2020
alromh87 JamieSlome
Asjidkalam huntr-helper
SQL Injection in sequelize High
CVE-2019-11069 was published for sequelize (npm) Apr 11, 2019
tdunlap607
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
bson-objectid contains Improper input validation High
CVE-2019-19729 was published for bson-objectid (npm) May 24, 2022
Cezerin Unauthorized Acces High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
decode-uri-component vulnerable to Denial of Service (DoS) High
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
G-Rath
parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
hej2010 tdunlap607
Mosca REDoS Vulnerability High
CVE-2018-11615 was published for mosca (npm) Aug 31, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
Header Forgery in http-signature High
CVE-2017-16005 was published for http-signature (npm) Nov 9, 2018
ejs vulnerable to DoS due to weak input validation High
CVE-2017-1000189 was published for ejs (npm) Mar 5, 2018
Denial of service vulnerability exists in libxmljs High
CVE-2022-21144 was published for libxmljs (npm) May 3, 2022
ProTip! Advisories are also available from the GraphQL API