Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,026 advisories

Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Layui cross-site scripting (XSS) vulnerability Moderate
CVE-2023-50550 was published for layui (npm) Dec 30, 2023
blinksocks has weak encryption algorithms Moderate
CVE-2023-50481 was published for blinksocks (npm) Dec 21, 2023
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
Cube API denial of service attack Moderate
CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) Dec 13, 2023
Password Change Vulnerability Moderate
CVE-2023-49804 was published for uptime-kuma (npm) Dec 12, 2023
manoonabbasi
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 Moderate
CVE-2023-49798 was published for @openzeppelin/contracts (npm) Dec 12, 2023
Cross Site Scripting in evershop Moderate
CVE-2023-46494 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46497 was published for @evershop/evershop (npm) Dec 8, 2023
Cross-site Scripting in evershop Moderate
CVE-2023-46499 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in evershop Moderate
CVE-2023-46493 was published for @evershop/evershop (npm) Dec 8, 2023
Cross-site Scripting in evershop Moderate
CVE-2023-46495 was published for @evershop/evershop (npm) Dec 8, 2023
Directory Traversal in Gladys Assistant Moderate
CVE-2023-47440 was published for gladys (npm) Dec 7, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload Moderate
CVE-2023-49293 was published for vite (npm) Dec 5, 2023
mxxk
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
ASAR Integrity bypass via filetype confusion in electron Moderate
CVE-2023-44402 was published for electron (npm) Dec 1, 2023
MarshallOfSound
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity Moderate
CVE-2023-48631 was published for @adobe/css-tools (npm) Nov 30, 2023
Uptime Kuma Authenticated remote code execution via TailscalePing Moderate
GHSA-hfxh-rjv7-2369 was published for uptime-kuma (npm) Nov 27, 2023
vaadata-pascala
Attribute Injection leading to XSS(Cross-Site-Scripting) Moderate
CVE-2023-49276 was published for uptime-kuma (npm) Nov 24, 2023
gtg2619
Possible user mocking that bypasses basic authentication Moderate
CVE-2023-48309 was published for next-auth (npm) Nov 20, 2023
securing dastaj
magnunm balazsorban44 ThangHuuVu
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
@vendure/core's insecure currencyCode handling allows wrong payment amounts Moderate
GHSA-wm63-7627-ch33 was published for @vendure/core (npm) Nov 17, 2023
seminarian
Duplicate Advisory: CKEditor Cross-site Scripting vulnerability Moderate
GHSA-hxjc-9j8v-v9pr was published for ckeditor4 (npm) Nov 16, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API