Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

29 advisories

AWS Amplify CLI has incorrect trust policy management High
CVE-2024-28056 was published for @aws-amplify/cli (npm) Apr 15, 2024
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Arbitrary remote code execution within `wrangler dev` Workers sandbox Critical
CVE-2023-7080 was published for wrangler (npm) Jan 3, 2024
Lekensteyn
Improper Privilege Management in Azure ms-rest-nodeauth High
CVE-2021-28458 was published for @azure/ms-rest-nodeauth (npm) May 24, 2022
Improper Privilege Management in shelljs High
CVE-2022-0144 was published for shelljs (npm) Jan 21, 2022
grunt-images downloads Resources over HTTP High
CVE-2016-10645 was published for grunt-images (npm) Aug 15, 2018
fis-sass-all downloads Resources over HTTP High
CVE-2016-10686 was published for fis-sass-all (npm) Aug 17, 2018
ipip downloads Resources over HTTP High
CVE-2016-10594 was published for ipip (npm) Feb 18, 2019
dwebp-bin downloads Resources over HTTP High
CVE-2016-10633 was published for dwebp-bin (npm) Feb 18, 2019
ibapi downloads Resources over HTTP High
CVE-2016-10593 was published for ibapi (npm) Feb 18, 2019
marionette-socket-host downloads Resources over HTTP High
CVE-2016-10648 was published for marionette-socket-host (npm) Aug 15, 2018
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39167 was published for @openzeppelin/contracts (npm) Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39168 was published for @openzeppelin/contracts-upgradeable (npm) Aug 30, 2021
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
npm Vulnerable to Global node_modules Binary Overwrite High
CVE-2019-16777 was published for npm (npm) Dec 13, 2019
DanielRuf
matrix-appservice-irc vulnerable to IRC mode parameter confusion Moderate
CVE-2022-39202 was published for matrix-appservice-irc (npm) Sep 15, 2022
Parsing issue in matrix-org/node-irc leading to room takeovers High
CVE-2022-39203 was published for matrix-appservice-irc (npm) Sep 15, 2022
wonda-tea-coffee
Improper Privilege Management in NocoDB High
CVE-2022-2063 was published for nocodb (npm) Jun 14, 2022
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
Downloads Resources over HTTP in openframe-image High
CVE-2016-10616 was published for openframe-image (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer High
CVE-2016-10607 was published for openframe-glslviewer (npm) Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli High
CVE-2016-10597 was published for cobalt-cli (npm) Feb 18, 2019
Downloads Resources over HTTP in haxe High
CVE-2016-10602 was published for haxe (npm) Feb 18, 2019
Downloads Resources over HTTP in prince High
CVE-2016-10591 was published for prince (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API