GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
Privilege escalation in mysql-connector-jav
Moderate
CVE-2019-2692
was published
for
mysql:mysql-connector-java
(Maven)
Jul 1, 2020
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Critical
CVE-2019-14537
was published
for
yourls/yourls
(Composer)
Sep 23, 2019
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Access of Resource Using Incompatible Type in Hermes
Critical
CVE-2021-24044
was published
for
hermes-engine
(npm)
Jan 16, 2022
Type Confusion in ImpressCMS
Critical
CVE-2021-26600
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Type Confusion in LiveHelperChat
High
CVE-2022-1176
was published
for
remdex/livehelperchat
(Composer)
Apr 1, 2022
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Access of Resource Using Incompatible Type in Facebook Hermes
Critical
CVE-2020-1911
was published
for
hermes-engine
(npm)
May 24, 2022
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Moderate
CVE-2022-29209
was published
for
tensorflow
(pip)
May 24, 2022
Passing in a non-string 'html' argument can lead to unsanitized output
Moderate
CVE-2021-32696
was published
for
striptags
(npm)
Jun 18, 2021
Prototype Pollution in json-ptr
Moderate
CVE-2021-23509
was published
for
json-ptr
(npm)
Nov 8, 2021
Clarify Content-Type handling
Low
CVE-2021-41190
was published
for
github.com/opencontainers/distribution-spec
(Go)
Nov 18, 2021
Prototype Pollution in node-jsonpointer
Moderate
CVE-2021-23807
was published
for
jsonpointer
(npm)
Nov 8, 2021
OCI Manifest Type Confusion Issue
Low
GHSA-qq97-vm5h-rrhg
was published
for
github.com/docker/distribution
(Go)
Feb 8, 2022
Firebase PHP-JWT key/algorithm type confusion
Critical
CVE-2021-46743
was published
for
firebase/php-jwt
(Composer)
Mar 30, 2022
Unsafe fall-through in getWhereConditions
Critical
CVE-2023-22579
was published
for
@sequelize/core
(npm)
Feb 23, 2023
libxslt Type Confusion vulnerability that affects Nokogiri
High
CVE-2019-13118
was published
for
nokogiri
(RubyGems)
May 24, 2022
Ambiguous OCI manifest parsing
Low
GHSA-5j5w-g665-5m35
was published
for
github.com/containerd/containerd
(Go)
Nov 18, 2021
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
High
GHSA-r3vq-92c6-3mqf
was published
for
@sequelize/core
(npm)
Feb 16, 2023
•
withdrawn
Nokogiri Improperly Handles Unexpected Data Type
High
CVE-2022-29181
was published
for
nokogiri
(RubyGems)
May 23, 2022
ProTip!
Advisories are also available from the
GraphQL API