Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS Moderate
CVE-2024-43788 was published for webpack (npm) Aug 27, 2024
jackfromeast Credited to jackfromeast, ishmeals, and mhassan1 ishmeals ishmeals
mhassan1 mhassan1
js-yaml has prototype pollution in merge (<<) Moderate
CVE-2025-64718 was published for js-yaml (npm) Nov 14, 2025
Zephkek Credited to Zephkek, mhassan1, opal-visibuild, alexstrive, jlp-craigmorten, and turi4200 mhassan1 mhassan1
opal-visibuild opal-visibuild alexstrive alexstrive jlp-craigmorten jlp-craigmorten turi4200 turi4200
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1 Credited to mhassan1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database