GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
47 advisories
Filter by severity
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2023-3933
was published
Oct 20, 2023
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype...
Moderate
Unreviewed
CVE-2023-3962
was published
Oct 20, 2023
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability...
Critical
Unreviewed
CVE-2023-3186
was published
Jul 17, 2023
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross...
Moderate
Unreviewed
CVE-2023-2582
was published
May 8, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an...
High
Unreviewed
CVE-2023-23917
was published
Feb 23, 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Moderate
Unreviewed
CVE-2022-3901
was published
Feb 20, 2023
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype...
High
Unreviewed
CVE-2022-1802
was published
Dec 22, 2022
An attacker could have sent a message to the parent process where the contents were used to...
High
Unreviewed
CVE-2022-1529
was published
Dec 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired...
High
Unreviewed
CVE-2022-2200
was published
Dec 22, 2022
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the...
Critical
Unreviewed
CVE-2022-37598
was published
Oct 20, 2022
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in...
Critical
Unreviewed
CVE-2022-37609
was published
Oct 12, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This...
Critical
Unreviewed
CVE-2020-12079
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard...
Moderate
Unreviewed
CVE-2019-17317
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration...
Moderate
Unreviewed
CVE-2019-17315
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a...
Moderate
Unreviewed
CVE-2019-17316
was published
May 24, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm...
High
Unreviewed
CVE-2019-9058
was published
May 13, 2022
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images)...
High
Unreviewed
CVE-2018-6195
was published
May 13, 2022
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318...
High
Unreviewed
CVE-2018-11135
was published
May 13, 2022
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote...
Moderate
Unreviewed
CVE-2021-43956
was published
Mar 17, 2022
Due to the formatting logic of the "console.table()" function it was not safe to allow user...
High
Unreviewed
CVE-2022-21824
was published
Feb 25, 2022
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
Moderate
Unreviewed
CVE-2022-0432
was published
Feb 3, 2022
ProTip!
Advisories are also available from the
GraphQL API