Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
Cloudera HUE Account Enumeration Moderate
CVE-2016-4947 was published for gethue (npm) May 17, 2022
Converse.js Exposure of Sensitive Information Moderate
CVE-2018-6591 was published for converse.js (Composer) May 14, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Cookie exposure in requestretry High
CVE-2022-0654 was published for requestretry (npm) Feb 24, 2022
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects Moderate
CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022
Exposure of Sensitive Information in simple-get High
CVE-2022-0355 was published for simple-get (npm) Jan 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor in nanoid Moderate
CVE-2021-23566 was published for nanoid (npm) Jan 21, 2022
baptistecs
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Potential exposure of tokens to an Unauthorized Actor Moderate
CVE-2022-21671 was published for @replit/crosis (npm) Jan 12, 2022
Unauthorized access to data in @sap-cloud-sdk/core Moderate
CVE-2021-41251 was published for @sap-cloud-sdk/core (npm) Nov 10, 2021
johenning
LiveQuery publishes user session tokens in parse-server High
CVE-2021-41109 was published for parse-server (npm) Sep 30, 2021
dblythy
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs Moderate
CVE-2021-32822 was published for hbs (npm) Sep 2, 2021
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Private Field data leak High
CVE-2021-32624 was published for @keystonejs/keystone (npm) May 27, 2021
molomby dcousens
Potential memory exposure in dns-packet High
CVE-2021-23386 was published for dns-packet (npm) May 24, 2021
Credential leak in react-native-fast-image Moderate
CVE-2020-7696 was published for react-native-fast-image (npm) May 18, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Insecure template handling in Squirrelly High
CVE-2021-32819 was published for squirrelly (npm) May 17, 2021
nebrelbug
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database