GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,026 advisories

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
masatokinugawa
DOMPurify Open Redirect vulnerability Moderate
CVE-2019-25155 was published for dompurify (npm) Nov 14, 2023
Cross-site Scripting in cesium Moderate
CVE-2023-48094 was published for cesium (npm) Nov 14, 2023 withdrawn
juburr
Bootbox.js Cross Site Scripting vulnerability Moderate
CVE-2023-46998 was published for bootbox (npm) Nov 14, 2023
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint Moderate
CVE-2023-46729 was published for @sentry/nextjs (npm) Nov 9, 2023
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-45884 was published for openmct (npm) Nov 9, 2023
MarkLee131
NASA Open MCT Cross Site Scripting vulnerability Moderate
CVE-2023-45885 was published for openmct (npm) Nov 9, 2023
MarkLee131
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
Axios Cross-Site Request Forgery Vulnerability Moderate
CVE-2023-45857 was published for axios (npm) Nov 8, 2023
vintagesucks danewilson
cordova-plugin-fingerprint-aio DoS vulnerability Moderate
CVE-2021-43849 was published for cordova-plugin-fingerprint-aio (npm) Nov 2, 2023
0xWise64
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
philipsinnott
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska
Improper Input Validation in vriteio/vrite Moderate
CVE-2023-5571 was published for @vrite/sdk (npm) Oct 13, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
PostCSS line return parsing error Moderate
CVE-2023-44270 was published for postcss (npm) Sep 30, 2023
DCKcode
quill-mention Cross-site Scripting vulnerability Moderate
CVE-2023-26149 was published for quill-mention (npm) Sep 28, 2023
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
graphql Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-26144 was published for graphql (npm) Sep 20, 2023
Jodit Editor vulnerable to cross-site scripting Moderate
CVE-2023-42399 was published for jodit (npm) Sep 19, 2023
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API Moderate
CVE-2023-26143 was published for blamer (npm) Sep 19, 2023
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Strapi may leak sensitive user information, user reset password, tokens via content-manager views Moderate
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell