GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
secp256k1-node allows private key extraction over ECDH
High
CVE-2024-48930
was published
for
secp256k1
(npm)
Oct 21, 2024
Denial of service in http-proxy-middleware
High
CVE-2024-21536
was published
for
http-proxy-middleware
(npm)
Oct 19, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
@electron/packager's build process memory potentially leaked into final executable
High
CVE-2024-29900
was published
for
@electron/packager
(npm)
Mar 29, 2024
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
llhttp vulnerable to HTTP request smuggling
High
CVE-2023-30589
was published
for
llhttp
(npm)
Jul 1, 2023
bwm-ng vulnerable to command injection
High
CVE-2023-26129
was published
for
bwm-ng
(npm)
May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
High
CVE-2023-26127
was published
for
n158
(npm)
May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
n8n Information Disclosure vulnerability
High
CVE-2023-27564
was published
for
n8n
(npm)
May 10, 2023
Duplicate Advisory: pullit Command Injection vulnerability
High
GHSA-2w9p-xf5h-qwj3
was published
for
pullit
(npm)
Mar 27, 2023
•
withdrawn
debug Inefficient Regular Expression Complexity vulnerability
High
CVE-2017-20165
was published
for
debug
(npm)
Jan 9, 2023
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
file-type vulnerable to Infinite Loop via malformed MKV file
High
CVE-2022-36313
was published
for
file-type
(npm)
Jul 22, 2022
OS Command Injection in s3-uploader
High
CVE-2021-34084
was published
for
s3-uploader
(npm)
Jun 3, 2022
Packing does not respect root-level ignore files in workspaces
High
CVE-2022-29244
was published
for
npm
(npm)
Jun 2, 2022
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API