GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc Critical
CVE-2025-24981 was published for @nuxtjs/mdc (npm) Feb 6, 2025
lirantal
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting) Critical
GHSA-9x4v-xfq5-m8x5 was published for better-auth (npm) Feb 5, 2025
Eriner
happy-dom allows for server side code to be executed by a <script> tag Critical
CVE-2024-51757 was published for happy-dom (npm) Nov 6, 2024
kevin-mizu
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
Cross-site Scripting in @spscommerce/ds-react Critical
GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) Dec 15, 2023
shramko82 knedev42
jimthedev
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
Valine code injection vulnerability Critical
CVE-2022-38545 was published for valine (npm) Sep 20, 2022
Joplin is vulnerable to arbitrary code execution Critical
CVE-2022-35131 was published for joplin (npm) Jul 26, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
XSS via prototype pollution in NodeBB Critical
CVE-2021-43787 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
Unsafe defaults in `remark-html` Critical
CVE-2021-39199 was published for remark-html (npm) Sep 7, 2021
matthieusieben
Cross-site Scripting (XSS) in Eclipse Theia Critical
CVE-2020-27224 was published for @theia/preview (npm) Apr 13, 2021
XSS in hello.js Critical
CVE-2020-7741 was published for hellojs (npm) Jan 13, 2021
Privilege Escalation in cordova-plugin-inappbrowser Critical
CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) Sep 4, 2020
Cross-Site Scripting in dompurify Critical
GHSA-mjjq-c88q-qhr6 was published for dompurify (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Critical
GHSA-g336-c7wv-8hp3 was published for swagger-ui (npm) Sep 1, 2020
tdunlap607
Cross-Site Scripting in swagger-ui Critical
CVE-2016-5682 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-1000226 was published for swagger-ui (npm) Sep 1, 2020
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa