GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Exposure of Resource to Wrong Sphere in Zip-Local
Critical
CVE-2021-23484
was published
for
zip-local
(npm)
Feb 1, 2022
n8n Information Disclosure vulnerability
High
CVE-2023-27564
was published
for
n8n
(npm)
May 10, 2023
Pomelo allows external control of critical state data
Moderate
CVE-2019-18954
was published
for
pomelo
(npm)
Dec 2, 2019
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
xdlocalstorage does not verify request origin
High
CVE-2020-11610
was published
for
xdlocalstorage
(npm)
May 24, 2022
ecdh vulnerable to Exposure of Resource to Wrong Sphere
High
CVE-2022-44310
was published
for
ecdh
(npm)
Feb 24, 2023
Exposure of Resource to Wrong Sphere in valib
Moderate
CVE-2019-10805
was published
for
valib
(npm)
Apr 13, 2021
IPC messages delivered to the wrong frame in Electron
Moderate
CVE-2020-26272
was published
for
electron
(npm)
Jan 28, 2021
TaffyDB can allow access to any data items in the DB
High
CVE-2019-10790
was published
for
taffy
(npm)
Feb 19, 2020
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Low
CVE-2022-29247
was published
for
electron
(npm)
Jun 16, 2022
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
ProTip!
Advisories are also available from the
GraphQL API