Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,126
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,161 advisories

Loading
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
blaiddx64
Bypass of CSRF protection in the presence of predictable userInfo Moderate
CVE-2023-27495 was published for @fastify/csrf-protection (npm) Apr 20, 2023
pedromigueladao lavish
Path traversal vulnerability in gatsby-plugin-sharp Moderate
CVE-2023-30548 was published for gatsby-plugin-sharp (npm) Apr 20, 2023
Strapi does not verify the access or ID tokens issued during the OAuth flow Moderate
CVE-2023-22893 was published for @strapi/plugin-users-permissions (npm) Apr 19, 2023
`chainId` may be outdated if user changes chains as part of connection in @web3-react Moderate
CVE-2023-30543 was published for @web3-react/coinbase-wallet (npm) Apr 18, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
brokenedtzjs OIRNOIR
simonkrol Harrington-Joe_pfghub G-Rath
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter Moderate
CVE-2020-19698 was published for editor.md (npm) Apr 4, 2023
Directus API vulnerable to denial of service Moderate
CVE-2020-19850 was published for directus (npm) Apr 4, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter Moderate
CVE-2020-19697 was published for editor.md (npm) Apr 4, 2023
angular vulnerable to regular expression denial of service via the angular.copy() utility Moderate
CVE-2023-26116 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the $resource service Moderate
CVE-2023-26117 was published for angular (npm) Mar 30, 2023
angular vulnerable to regular expression denial of service via the <input type="url"> element Moderate
CVE-2023-26118 was published for angular (npm) Mar 30, 2023
directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Server-Side Request Forgery in Request Moderate
CVE-2023-28155 was published for @cypress/request (npm) Mar 16, 2023
NikoRaisanen G-Rath
Directus vulnerable to extraction of password hashes through export querying Moderate
CVE-2023-27481 was published for directus (npm) Mar 8, 2023
erik921 wgorecki
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe Moderate
CVE-2023-26108 was published for @nestjs/core (npm) Mar 6, 2023
Directus vulnerable to Server-Side Request Forgery On File Import Moderate
CVE-2023-26492 was published for directus (npm) Mar 3, 2023
Ccamm votr123
OpenZeppelin Contracts contains Incorrect Calculation Moderate
CVE-2023-26488 was published for @openzeppelin/contracts (npm) Mar 3, 2023
Vega vulnerable to arbitrary code execution when clicking href links Moderate
GHSA-cp47-r258-q626 was published for vega (npm) Mar 2, 2023
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapman hydrosquall
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
azasypkin jkakavas
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database