GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,125 advisories
Filter by severity
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
git-shallow-clone Argument Injection vulnerability
Moderate
CVE-2024-21531
was published
for
git-shallow-clone
(npm)
Oct 1, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate
CVE-2024-48913
was published
for
hono
(npm)
Oct 15, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
mapshaper Path Traversal vulnerability
Moderate
CVE-2024-1163
was published
for
mapshaper
(npm)
Feb 13, 2024
Glossarizer Cross-site Scripting vulnerability
Moderate
CVE-2024-42515
was published
for
glossarizer
(npm)
Oct 31, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
CycloneDX cdxgen may execute code contained within build-related files
Moderate
CVE-2024-50611
was published
for
@cyclonedx/cdxgen
(npm)
Oct 28, 2024
useragent Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26311
was published
for
useragent
(npm)
Oct 26, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
nope-validator Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26309
was published
for
nope-validator
(npm)
Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26308
was published
for
validate.js
(npm)
Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26306
was published
for
knwl.js
(npm)
Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26305
was published
for
commonregex
(npm)
Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26304
was published
for
foundation-sites
(npm)
Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service
Moderate
CVE-2020-26303
was published
for
insane
(npm)
Oct 26, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Slim Select has potential Cross-site Scripting issue
Moderate
CVE-2024-9440
was published
for
slim-select
(npm)
Oct 2, 2024
Cross site scripting in markdown-to-jsx
Moderate
CVE-2024-21535
was published
for
markdown-to-jsx
(npm)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API