GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
Moderate
CVE-2023-22462
was published
for
github.com/grafana/grafana
(Go)
Mar 1, 2023
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High
CVE-2018-1000136
was published
for
electron
(npm)
Mar 26, 2018
Incorrect Authorization in NATS nats-server
High
CVE-2022-24450
was published
for
github.com/nats-io/nats-server/v2
(Go)
Feb 8, 2022
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Critical
CVE-2022-29822
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Moderate
CVE-2022-36083
was published
for
jose
(npm)
Sep 16, 2022
KubeVirt vulnerable to arbitrary file read on host
High
GHSA-qv98-3369-g364
was published
for
kubevirt.io/kubevirt
(Go)
Sep 15, 2022
CKEditor 4.0 vulnerability in the HTML Data Processor
Moderate
CVE-2020-9281
was published
for
ckeditor4
(npm)
May 7, 2021
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Critical
CVE-2022-29823
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
feathers-sequelize contains improper input validation leading to SQL injection
Critical
CVE-2022-2422
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API