Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,157 advisories

Loading
PostCSS line return parsing error Moderate
CVE-2023-44270 was published for postcss (npm) Sep 30, 2023
DCKcode
Zod denial of service vulnerability Moderate
CVE-2023-4316 was published for zod (npm) Sep 28, 2023
RobinTail
quill-mention Cross-site Scripting vulnerability Moderate
CVE-2023-26149 was published for quill-mention (npm) Sep 28, 2023
Improper Input Validation in nocodb Moderate
CVE-2023-5104 was published for nocodb (npm) Sep 21, 2023
graphql Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-26144 was published for graphql (npm) Sep 20, 2023
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API Moderate
CVE-2023-26143 was published for blamer (npm) Sep 19, 2023
Jodit Editor vulnerable to cross-site scripting Moderate
CVE-2023-42399 was published for jodit (npm) Sep 19, 2023
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Strapi may leak sensitive user information, user reset password, tokens via content-manager views Moderate
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd Moderate
CVE-2023-39956 was published for electron (npm) Sep 6, 2023
SimonSiefke MarshallOfSound
Electron context isolation bypass via nested unserializable return value Moderate
CVE-2023-29198 was published for electron (npm) Sep 6, 2023
MarshallOfSound nornagon
Username enumeration attack in goauthentik Moderate
CVE-2023-39522 was published for @goauthentik/api (npm) Aug 29, 2023
markrassamni
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS Moderate
CVE-2023-26364 was published for @adobe/css-tools (npm) Aug 29, 2023
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content Moderate
CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) Aug 24, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
@excalidraw/excalidraw Cross-site Scripting vulnerability Moderate
CVE-2023-26140 was published for @excalidraw/excalidraw (npm) Aug 16, 2023
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability Moderate
GHSA-fr9g-2m2h-c27j was published for @excalidraw/excalidraw (npm) Aug 16, 2023 withdrawn
Ghost vulnerable to arbitrary file read via symlinks in content import Moderate
CVE-2023-40028 was published for ghost (npm) Aug 15, 2023
ixSly
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible Moderate
CVE-2023-40027 was published for @keystone-6/core (npm) Aug 15, 2023
dcousens
Svelecte item names vulnerable to execution of arbitrary JavaScript Moderate
CVE-2023-38687 was published for svelecte (npm) Aug 14, 2023
FeldrinH
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database