GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Cross-Site Scripting in swagger-ui
Critical
CVE-2016-5682
was published
for
swagger-ui
(npm)
Sep 1, 2020
Cross-Site Scripting in swagger-ui
Critical
CVE-2016-1000226
was published
for
swagger-ui
(npm)
Sep 1, 2020
Cross-Site Scripting in dompurify
Critical
GHSA-mjjq-c88q-qhr6
was published
for
dompurify
(npm)
Sep 3, 2020
Privilege Escalation in cordova-plugin-inappbrowser
Critical
CVE-2019-0219
was published
for
cordova-plugin-inappbrowser
(npm)
Sep 4, 2020
SQL Injection and Cross-site Scripting in class-validator
Critical
CVE-2019-18413
was published
for
class-validator
(npm)
Oct 12, 2021
Joplin is vulnerable to arbitrary code execution
Critical
CVE-2022-35131
was published
for
joplin
(npm)
Jul 26, 2022
Valine code injection vulnerability
Critical
CVE-2022-38545
was published
for
valine
(npm)
Sep 20, 2022
XSS via prototype pollution in NodeBB
Critical
CVE-2021-43787
was published
for
nodebb
(npm)
Nov 30, 2021
Cross-site Scripting (XSS) in Eclipse Theia
Critical
CVE-2020-27224
was published
for
@theia/preview
(npm)
Apr 13, 2021
Unsafe defaults in `remark-html`
Critical
CVE-2021-39199
was published
for
remark-html
(npm)
Sep 7, 2021
Cross-Site Scripting in swagger-ui
Critical
GHSA-g336-c7wv-8hp3
was published
for
swagger-ui
(npm)
Sep 1, 2020
Arbitrary code execution in post-loader
Critical
CVE-2022-0748
was published
for
post-loader
(npm)
Mar 18, 2022
CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical
CVE-2023-2507
was published
for
clevertap-cordova
(npm)
Jul 15, 2023
external-svg-loader Cross-site Scripting vulnerability
Critical
CVE-2023-40013
was published
for
external-svg-loader
(npm)
Aug 14, 2023
Cross-site Scripting in @spscommerce/ds-react
Critical
GHSA-cfxh-frx4-9gjg
was published
for
@spscommerce/ds-react
(npm)
Dec 15, 2023
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
happy-dom allows for server side code to be executed by a <script> tag
Critical
CVE-2024-51757
was published
for
happy-dom
(npm)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API