
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,167 advisories

ToolJet is vulnerable to Denial of Service (DoS) Moderate
CVE-2022-4111 was published for tooljet (npm) Nov 22, 2022
aruneko
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath
Fastify: Incorrect Content-Type parsing can lead to CSRF attack Moderate
CVE-2022-41919 was published for fastify (npm) Nov 21, 2022
Ry0taK
NodeBB vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-3978 was published for nodebb (npm) Nov 13, 2022
Matrix-appservice-irc vulnerable to sql injection via roomIds argument Moderate
CVE-2022-3971 was published for matrix-appservice-irc (npm) Nov 13, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Exfiltration of hashed SMB credentials on Windows via file:// redirect Moderate
CVE-2022-36077 was published for electron (npm) Nov 10, 2022
coolcoolnoworries
deep-parse-json vulnerable to Prototype Pollution Moderate
CVE-2022-42743 was published for deep-parse-json (npm) Nov 4, 2022
fastest-json-copy vulnerable to Prototype Pollution Moderate
CVE-2022-41714 was published for fastest-json-copy (npm) Nov 4, 2022
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
deep-object-diff vulnerable to Prototype Pollution Moderate
CVE-2022-41713 was published for deep-object-diff (npm) Nov 4, 2022
diracdeltas ThisIsMissEm
odmana anogr
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
node-red-dashboard vulnerable to Cross-site Scripting Moderate
CVE-2022-3783 was published for node-red-dashboard (npm) Nov 1, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details Moderate
CVE-2022-39350 was published for @dependencytrack/frontend (npm) Oct 25, 2022
Waterstraal
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations Moderate
GHSA-2p3c-p3qw-69r4 was published for apollo-server (npm) Oct 12, 2022
mxGraph vulnerable to cross-site scripting in setTooltips function Moderate
CVE-2022-40440 was published for mxgraph (npm) Oct 12, 2022
Cross site scripting in Metro UI Moderate
CVE-2022-41376 was published for metro4 (npm) Oct 11, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
Upstash Adapter missing token verification Moderate
CVE-2022-39263 was published for @next-auth/upstash-redis-adapter (npm) Sep 30, 2022
voinik
Improper beacon events in matrix-js-sdk can result in availability issues Moderate
CVE-2022-39236 was published for matrix-js-sdk (npm) Sep 29, 2022
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute Moderate
CVE-2022-21169 was published for express-xss-sanitizer (npm) Sep 27, 2022
Jodit Editor vulnerable to Cross-site Scripting Moderate
CVE-2022-23461 was published for jodit (npm) Sep 25, 2022
cw-alexcroteau
Toast UI Grid vulnerable to Cross-site Scripting Moderate
CVE-2022-23458 was published for tui-grid (npm) Sep 23, 2022
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation Moderate
CVE-2022-39239 was published for @netlify/ipx (npm) Sep 21, 2022
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022