GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

qs's arrayLimit bypass in comma parsing allows denial of service Low
CVE-2026-2391 was published for qs (npm) Feb 12, 2026
Credited to SharokhAtaie and ljharb
JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3 Low
GHSA-j965-2qgj-vjmq was published for aws-sdk (npm) Jan 8, 2026
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value Low
GHSA-6475-r3vj-m8vf was published for @smithy/config-resolver (npm) Jan 8, 2026
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
The fuels-ts typescript SDK has no awareness of to-be-spent transactions Low
CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024
Credited to Torres-ssf, danielbate, Dhaiwat10, petertonysmith94, maschad, and arboleya
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
Credited to rynop, tdunlap607, and ziviseal