GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
972 advisories
Filter by severity
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
Prototype Pollution in ali-security/mongoose
Critical
GHSA-rc4v-99cr-pjcm
was published
for
@seal-security/mongoose-fixed
(npm)
Oct 17, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite
Critical
CVE-2023-5572
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
FUXA SQL Injection vulnerability
Critical
CVE-2023-31719
was published
for
fuxa-server
(npm)
Sep 22, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
external-svg-loader Cross-site Scripting vulnerability
Critical
CVE-2023-40013
was published
for
external-svg-loader
(npm)
Aug 14, 2023
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
Soketi was exposed to Sandbox Escape vulnerability via vm2
Critical
GHSA-g6w6-h933-4rc5
was published
for
@soketi/soketi
(npm)
Aug 3, 2023
Anyone with a share link can RESET all website data in Umami
Critical
GHSA-8www-cffh-4q98
was published
for
umami
(npm)
Jul 28, 2023
Path traversal and code execution via prototype vulnerability
Critical
CVE-2023-26045
was published
for
nodebb
(npm)
Jul 25, 2023
Mongoose Prototype Pollution vulnerability
Critical
CVE-2023-3696
was published
for
mongoose
(npm)
Jul 17, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical
CVE-2023-2507
was published
for
clevertap-cordova
(npm)
Jul 15, 2023
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
ProTip!
Advisories are also available from the
GraphQL API