Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

138 advisories

Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation High
CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
n-thumann
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
Cache Poisoning Vulnerability Moderate
CVE-2024-29042 was published for translate (npm) Mar 22, 2024
PinkDraconian
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Sending a GET or HEAD request with a body crashes SvelteKit High
CVE-2024-23641 was published for @sveltejs/adapter-node (npm) Jan 24, 2024
kamerat Rich-Harris
Conduitry dominikg benmccann
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Cube API denial of service attack Moderate
CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) Dec 13, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity Moderate
CVE-2023-48631 was published for @adobe/css-tools (npm) Nov 30, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
Improper Input Validation in vriteio/vrite Moderate
CVE-2023-5571 was published for @vrite/sdk (npm) Oct 13, 2023
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS Moderate
CVE-2023-26364 was published for @adobe/css-tools (npm) Aug 29, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution Critical
CVE-2023-39532 was published for ses (npm) Aug 9, 2023
corrideat
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines Moderate
CVE-2023-38690 was published for matrix-appservice-irc (npm) Aug 4, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
Insufficient validation when decoding a Socket.IO packet High
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
Invalid push request payload crashes Parse Server Moderate
CVE-2023-32688 was published for parse-server-push-adapter (npm) May 22, 2023
dblythy mtrezza
GovernorCompatibilityBravo may trim proposal calldata High
CVE-2023-30542 was published for @openzeppelin/contracts (npm) Apr 20, 2023
is-http2 vulnerable to Improper Input Validation High
CVE-2022-25906 was published for is-http2 (npm) Feb 1, 2023
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
jsonwebtoken has insecure input validation in jwt.verify function High
CVE-2022-23529 was published for jsonwebtoken (npm) Dec 22, 2022 withdrawn
decode-uri-component vulnerable to Denial of Service (DoS) High
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
G-Rath
xmldom allows multiple root nodes in a DOM Critical
CVE-2022-39353 was published for @xmldom/xmldom (npm) Nov 1, 2022
frumioj karfau
kurt-r2c
ProTip! Advisories are also available from the GraphQL API