GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jquery-validation
(npm)
Jun 3, 2022
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Low
CVE-2021-20066
was published
for
jsdom
(npm)
May 24, 2022
•
withdrawn
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low
CVE-2016-1000021
was published
for
cli
(npm)
May 24, 2022
•
withdrawn
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Hidden functionality in node-ipc
Low
GHSA-8gr3-2gjw-jj7g
was published
for
node-ipc
(npm)
Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable
Low
GHSA-7j52-6fjp-58gr
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Mar 14, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Prototype Pollution in node-forge debug API.
Low
GHSA-5rrq-pxf6-6jx5
was published
for
node-forge
(npm)
Jan 8, 2022
Prototype Pollution in node-forge util.setPath API
Low
GHSA-wxgw-qj99-44c2
was published
for
node-forge
(npm)
Jan 8, 2022
URL parsing in node-forge could lead to undesired behavior.
Low
GHSA-gf8q-jrpm-jvxq
was published
for
node-forge
(npm)
Jan 8, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in braces
Low
CVE-2018-1109
was published
for
braces
(npm)
Jan 6, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
ERC1155Supply vulnerability in OpenZeppelin Contracts
Low
GHSA-wmpv-c2jp-j2xg
was published
for
@openzeppelin/contracts
(npm)
Nov 15, 2021
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name
Low
GHSA-q324-q795-2q5p
was published
for
@redocly/openapi-cli
(npm)
Oct 12, 2021
Command injection in @diez/generation
Low
CVE-2021-32830
was published
for
@diez/generation
(npm)
Sep 2, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Low
GHSA-xh2p-7p87-fhgh
was published
for
@liquity/contracts
(npm)
Aug 5, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
User content sandbox can be confused into opening arbitrary documents
Low
CVE-2021-21320
was published
for
matrix-react-sdk
(npm)
Mar 3, 2021
Path traversal in Node-Red
Low
CVE-2021-21298
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
ProTip!
Advisories are also available from the
GraphQL API