GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,370 advisories

Directus crashes on invalid WebSocket message High
CVE-2023-45820 was published for directus (npm) Oct 19, 2023
nles
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Uptime Kuma has Persistent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Zod denial of service vulnerability during email validation High
GHSA-mvrp-3cvx-c325 was published for express-zod-api (npm) Oct 4, 2023
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
Electron affected by libvpx's heap buffer overflow in vp8 encoding High
CVE-2023-5217 was published for electron (npm) Sep 28, 2023
janparisek Tech-TTGames
@napi-rs/image affected by libwebp CVE High
GHSA-4vjr-crvh-383h was published for @napi-rs/image (npm) Sep 27, 2023
delroth
Chaijs/get-func-name vulnerable to ReDoS High
CVE-2023-43646 was published for get-func-name (npm) Sep 27, 2023
GAP-dev keithamus
FUXA SQL Injection vulnerability High
CVE-2023-31717 was published for fuxa-server (npm) Sep 22, 2023
FUXA local file inclusion vulnerability High
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA vulnerable to Local File Inclusion High
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
Directus affected by VM2 sandbox escape vulnerability High
GHSA-22rr-f3p8-5gf8 was published for directus (npm) Sep 15, 2023
ganlhi Swatto
leesh3288
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer High
CVE-2023-41058 was published for parse-server (npm) Sep 4, 2023
Moumouls mtrezza
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS) High
CVE-2023-39663 was published for mathjax (npm) Aug 29, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
Unsanitized user controlled input in module generation High
GHSA-f8pq-3926-8gx5 was published for @opentelemetry/instrumentation (npm) Aug 9, 2023
Qard
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023