GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
import-in-the-middle has unsanitized user controlled input in module generation
High
CVE-2023-38704
was published
for
import-in-the-middle
(npm)
Aug 8, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
GovernorCompatibilityBravo may trim proposal calldata
High
CVE-2023-30542
was published
for
@openzeppelin/contracts
(npm)
Apr 20, 2023
is-http2 vulnerable to Improper Input Validation
High
CVE-2022-25906
was published
for
is-http2
(npm)
Feb 1, 2023
gatsby-transformer-remark has possible unsanitized JavaScript code injection
High
CVE-2023-22491
was published
for
gatsby-transformer-remark
(npm)
Jan 11, 2023
jsonwebtoken has insecure input validation in jwt.verify function
High
CVE-2022-23529
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
•
withdrawn
decode-uri-component vulnerable to Denial of Service (DoS)
High
CVE-2022-38900
was published
for
decode-uri-component
(npm)
Nov 28, 2022
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
High
CVE-2022-31170
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
Denial of service vulnerability exists in libxmljs
High
CVE-2022-21144
was published
for
libxmljs
(npm)
May 3, 2022
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
Validation bypass in frourio-express
High
CVE-2022-23624
was published
for
frourio-express
(npm)
Feb 7, 2022
Incorrect sanitisation function leads to `XSS` in mermaid
High
CVE-2021-43861
was published
for
mermaid
(npm)
Jan 6, 2022
Improper Input Validation in is-email
High
CVE-2021-36716
was published
for
is-email
(npm)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API