GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
961 advisories
Filter by severity
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical
GHSA-84c3-j8r2-mcm8
was published
for
@nfid/embed
(npm)
Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical
CVE-2024-1631
was published
for
@dfinity/auth-client
(npm)
Feb 21, 2024
Stimulsoft Dashboard.JS directory traversal vulnerability
Critical
CVE-2024-24398
was published
for
stimulsoft-dashboards-js
(npm)
Feb 6, 2024
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
DeviceFarmer stf uses DES-ECB
Critical
CVE-2023-51839
was published
for
@devicefarmer/stf
(npm)
Jan 29, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
plotly.js prototype pollution vulnerability
Critical
CVE-2023-46308
was published
for
plotly.js
(Composer)
Jan 3, 2024
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
Cross-site Scripting in @spscommerce/ds-react
Critical
GHSA-cfxh-frx4-9gjg
was published
for
@spscommerce/ds-react
(npm)
Dec 15, 2023
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Code execution in evershop
Critical
CVE-2023-46498
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
Prototype Pollution in ali-security/mongoose
Critical
GHSA-rc4v-99cr-pjcm
was published
for
@seal-security/mongoose-fixed
(npm)
Oct 17, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite
Critical
CVE-2023-5572
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
FUXA SQL Injection vulnerability
Critical
CVE-2023-31719
was published
for
fuxa-server
(npm)
Sep 22, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
ProTip!
Advisories are also available from the
GraphQL API