GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,800
Erlang: 36
GitHub Actions: 29
Go: 2,380
Maven: 5,000+
npm: 4,005
NuGet: 720
pip: 3,805
Pub: 12
RubyGems: 927
Rust: 986
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
4,006 advisories
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Low. GHSA-qc59-cxj2-c2w4 was published for aws-cdk-lib (npm), Apr 15, 2025

jquery-validation vulnerable to Cross-site Scripting
Moderate. CVE-2025-3573 was published for jquery-validation (npm), Apr 15, 2025

cookie accepts cookie name, path, and domain with out of bounds characters
Low. CVE-2024-47764 was published for cookie (npm), Oct 4, 2024

nest allows a remote attacker to execute arbitrary code via the Content-Type header
Moderate. CVE-2024-29409 was published for @nestjs/common (npm), Mar 14, 2025

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
High. CVE-2021-35065 was published for glob-parent (npm), Jul 18, 2022

js-object-utilities Vulnerable to Prototype Pollution
High. CVE-2025-28269 was published for js-object-utilities (npm), Apr 7, 2025

Insecure default value for CORS configuration
Critical. CVE-2022-26969 was published for directus (npm), Apr 5, 2022

Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate. CVE-2024-6531 was published for bootstrap (RubyGems), Jul 11, 2024

Cross-site Scripting in jquery-ui
Moderate. CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems), Oct 24, 2017

Directus inserts access token from query string into logs
Moderate. CVE-2024-47822 was published for @directus/api (npm), Apr 14, 2025

YUI Cross-site Scripting (XSS) vulnerability
Moderate. CVE-2013-4942 was published for moodle/moodle (Composer), May 13, 2022

YUI Cross-site Scripting (XSS) vulnerability
Moderate. CVE-2013-4941 was published for moodle/moodle (Composer), May 13, 2022

YUI Cross-site Scripting (XSS) vulnerability
Moderate. CVE-2013-4940 was published for moodle/moodle (Composer), May 13, 2022

Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
Moderate. CVE-2025-26619 was published for vega (npm), Mar 27, 2025

Vite has an `server.fs.deny` bypass with an invalid `request-target`
Moderate. CVE-2025-32395 was published for vite (npm), Apr 11, 2025

exec-local-bin vulnerable to Command Injection
Critical. CVE-2022-25923 was published for exec-local-bin (npm), Jan 6, 2023

Uniswap Universal Router Incorrect Authorization vulnerability
High. CVE-2022-48216 was published for @uniswap/universal-router (npm), Jan 4, 2023

Flowise Vulnerable to SQL Injection via `tableName` Parameter
High. CVE-2025-29189 was published for flowise-components (npm), Apr 9, 2025

node-opcua-alarm-condition prototype pollution vulnerability
High. CVE-2024-57086 was published for node-opcua-alarm-condition (npm), Feb 6, 2025

AWS CDK CodePipeline: trusted entities are too broad
Low. GHSA-5pq3-h73f-66hr was published for aws-cdk-lib (npm), Mar 24, 2025

Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate. CVE-2025-32379 was published for koa (npm), Apr 9, 2025

crud-query-parser SQL Injection vulnerability
High. CVE-2025-32020 was published for crud-query-parser (npm), Apr 9, 2025

Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
High. CVE-2025-32030 was published for @apollo/gateway (npm), Apr 7, 2025

Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
High. CVE-2025-32031 was published for @apollo/gateway (npm), Apr 7, 2025

ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
Moderate. CVE-2025-32029 was published for @apeleghq/asn1-der (npm), Apr 7, 2025