GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Critical
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
Unsafe fall-through in getWhereConditions
Critical
CVE-2023-22579
was published
for
@sequelize/core
(npm)
Feb 23, 2023
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
High
GHSA-r3vq-92c6-3mqf
was published
for
@sequelize/core
(npm)
Feb 16, 2023
•
withdrawn
Access of Resource Using Incompatible Type in Facebook Hermes
Critical
CVE-2020-1911
was published
for
hermes-engine
(npm)
May 24, 2022
Access of Resource Using Incompatible Type in Hermes
Critical
CVE-2021-24044
was published
for
hermes-engine
(npm)
Jan 16, 2022
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Prototype Pollution in node-jsonpointer
Moderate
CVE-2021-23807
was published
for
jsonpointer
(npm)
Nov 8, 2021
Prototype Pollution in json-ptr
Moderate
CVE-2021-23509
was published
for
json-ptr
(npm)
Nov 8, 2021
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Cross-site Scripting in edge.js
Moderate
CVE-2021-23443
was published
for
edge.js
(npm)
Sep 22, 2021
Prototype Pollution in object-path
Moderate
CVE-2021-23434
was published
for
object-path
(npm)
Sep 1, 2021
Passing in a non-string 'html' argument can lead to unsanitized output
Moderate
CVE-2021-32696
was published
for
striptags
(npm)
Jun 18, 2021
ProTip!
Advisories are also available from the
GraphQL API