GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,740 advisories
Filter by severity
insane vulnerable to Regular Expression Denial of Service
Moderate
CVE-2020-26303
was published
for
insane
(npm)
Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26305
was published
for
commonregex
(npm)
Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26304
was published
for
foundation-sites
(npm)
Oct 26, 2024
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
OS Command Injection in Snyk php plugin
High
CVE-2024-48963
was published
for
snyk-php-plugin
(npm)
Oct 23, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
High
GHSA-m4gq-x24j-jpmf
was published
for
mermaid
(npm)
Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
secp256k1-node allows private key extraction over ECDH
High
CVE-2024-48930
was published
for
secp256k1
(npm)
Oct 21, 2024
Denial of service in http-proxy-middleware
High
CVE-2024-21536
was published
for
http-proxy-middleware
(npm)
Oct 19, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Low
CVE-2024-9506
was published
for
vue
(npm)
Oct 15, 2024
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
High
CVE-2024-47824
was published
for
matrix-react-sdk
(npm)
Oct 15, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate
CVE-2024-48913
was published
for
hono
(npm)
Oct 15, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
Cross site scripting in markdown-to-jsx
Moderate
CVE-2024-21535
was published
for
markdown-to-jsx
(npm)
Oct 15, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution
Critical
CVE-2024-42640
was published
for
angular-base64-upload
(npm)
Oct 11, 2024
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
CVE-2024-21533
was published
for
ggit
(npm)
Oct 8, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate
CVE-2024-21532
was published
for
ggit
(npm)
Oct 8, 2024
SAP HANA Node.js client package vulnerable to Prototype Pollution
Moderate
CVE-2024-45277
was published
for
@sap/hana-client
(npm)
Oct 8, 2024
ProTip!
Advisories are also available from the
GraphQL API