GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,687
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,370 advisories
Filter by severity
Directus crashes on invalid WebSocket message
High
CVE-2023-45820
was published
for
directus
(npm)
Oct 19, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
High
GHSA-rr4x-crhf-8886
was published
for
@graphql-mesh/runtime
(npm)
Oct 10, 2023
Uptime Kuma has Persistentent User Sessions
High
CVE-2023-44400
was published
for
uptime-kuma
(npm)
Oct 10, 2023
Prototype Pollution in NASA Open MCT
High
CVE-2023-45282
was published
for
openmct
(npm)
Oct 6, 2023
Zod denial of service vulnerability during email validation
High
GHSA-mvrp-3cvx-c325
was published
for
express-zod-api
(npm)
Oct 4, 2023
static-server Path Traversal vulnerability
High
CVE-2023-26152
was published
for
static-server
(npm)
Oct 3, 2023
Electron affected by libvpx's heap buffer overflow in vp8 encoding
High
CVE-2023-5217
was published
for
electron
(npm)
Sep 28, 2023
@napi-rs/image affected by libwebp CVE
High
GHSA-4vjr-crvh-383h
was published
for
@napi-rs/image
(npm)
Sep 27, 2023
Chaijs/get-func-name vulnerable to ReDoS
High
CVE-2023-43646
was published
for
get-func-name
(npm)
Sep 27, 2023
FUXA SQL Injection vulnerability
High
CVE-2023-31717
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA local file inclusion vulnerability
High
CVE-2023-31718
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA vulnerable to Local File Inclusion
High
CVE-2023-31716
was published
for
@frangoteam/fuxa
(npm)
Sep 22, 2023
Directus affected by VM2 sandbox escape vulnerability
High
GHSA-22rr-f3p8-5gf8
was published
for
directus
(npm)
Sep 15, 2023
Strapi Improper Rate Limiting vulnerability
High
CVE-2023-38507
was published
for
@strapi/admin
(npm)
Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
High
CVE-2023-23623
was published
for
electron
(npm)
Sep 6, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
High
CVE-2023-41049
was published
for
@dcl/single-sign-on-client
(npm)
Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS)
High
CVE-2023-39663
was published
for
mathjax
(npm)
Aug 29, 2023
webui-aria2 Path Traversal vulnerability
High
CVE-2023-39141
was published
for
webui-aria2
(npm)
Aug 22, 2023
Shescape on Windows escaping may be bypassed in threaded context
High
CVE-2023-40185
was published
for
shescape
(npm)
Aug 22, 2023
Unsanitized user controlled input in module generation
High
GHSA-f8pq-3926-8gx5
was published
for
@opentelemetry/instrumentation
(npm)
Aug 9, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory
High
GHSA-r3hf-q8q7-fv2p
was published
for
@nguniversal/common
(npm)
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API