GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 3,696; Erlang 29; GitHub Actions 16; Go 1,708; Maven 4,944; npm 3,473; NuGet 603; pip 2,995; Pub 10; RubyGems 826; Rust 773; Swift 34.
Unreviewed advisories (all unreviewed): 5,000+.
3,474 advisories
Sanitize-html Vulnerable To REDoS Attacks (High): CVE-2022-25887 was published for sanitize-html (npm) on Aug 31, 2022.
tschaub gh-pages vulnerable to prototype pollution (Critical): CVE-2022-37611 was published for gh-pages (npm) on Oct 12, 2022.
mootools-more vulnerable to prototype pollution (High): CVE-2021-20088 was published for mootools-more (npm) on May 24, 2022.
CKEditor 4 ReDoS Vulnerability (Moderate): CVE-2021-26271 was published for ckeditor4-dev (npm) on May 24, 2022.
Prototype pollution vulnerability in 'deep-set' (Critical): CVE-2020-28276 was published for deep-set (npm) on May 24, 2022.
Shiba vulnerable to XSS leading to code execution (Moderate): CVE-2017-1000491 was published for shiba (npm) on May 14, 2022.
promise-probe OS command injection vulnerability (Critical): CVE-2019-10791 was published for promise-probe (npm) on May 24, 2022.
jqueryFileTree vulnerable to Directory Traversal (High): CVE-2017-1000170 was published for jqueryfiletree (npm) on May 13, 2022.
kangax html-minifier REDoS vulnerability (High): CVE-2022-37620 was published for html-minifier (npm) on Oct 31, 2022.
Next.js Directory Traversal Vulnerability (High): CVE-2017-16877 was published for next (npm) on Dec 5, 2017.
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) (High): CVE-2022-37599 was published for loader-utils (npm) on Oct 12, 2022.
Regular Expression Denial of Service in remarkable (High): CVE-2019-12041 was published for remarkable (npm) on Jun 6, 2019.
XSS in jQuery as used in Drupal, Backdrop CMS, and other products (Moderate): CVE-2019-11358 was published for django (RubyGems) on Apr 26, 2019.
Regular Expression Denial Of Service in uri-js (Moderate): CVE-2017-16021 was published for uri-js (npm) on Jul 24, 2018.
Insufficient validation when decoding a Socket.IO packet (Critical): CVE-2022-2421 was published for socket.io-parser (npm) on Oct 26, 2022.
zcap has incomplete expiration checks in capability chains (Moderate): CVE-2024-31995 was published for @digitalbazaar/zcap (npm) on Apr 10, 2024.
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (Low): CVE-2024-30260 was published for undici (npm) on Apr 4, 2024.
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed (High): CVE-2024-32652 was published for @hono/node-server (npm) on Apr 19, 2024.
Withdrawn Advisory: mariadb was malware (High): CVE-2017-16046 was published for mariadb (npm) on Jul 18, 2018 (withdrawn).
Enabling Authentication does not close all logged in socket connections immediately (Low): GHSA-23q2-5gf8-gjpp was published for uptime-kuma (npm) on Apr 19, 2024.
fetch(url) leads to a memory leak in undici (Moderate): CVE-2024-24750 was published for undici (npm) on Feb 16, 2024.
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability (High): CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) on Apr 18, 2024.
Advisories are also available from the GraphQL API.