Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Withdrawn Advisory: express improperly controls modification of query properties Low
CVE-2024-51999 was published for express (npm) Dec 1, 2025 withdrawn
ctcpip Credited to ctcpip, wesleytodd, jonchurch, bjohansebas, and UlisesGascon wesleytodd wesleytodd
jonchurch jonchurch bjohansebas bjohansebas UlisesGascon UlisesGascon
on-headers is vulnerable to http response header manipulation Low
CVE-2025-7339 was published for on-headers (npm) Jul 17, 2025
ctcpip Credited to ctcpip, jonchurch, SPodjasek, UlisesGascon, sheplu, and Zen-cronic jonchurch jonchurch
SPodjasek SPodjasek UlisesGascon UlisesGascon sheplu sheplu Zen-cronic Zen-cronic
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database