GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Moderate
GHSA-cmwh-pvxp-8882
was published
for
dompurify
(npm)
Jun 18, 2026
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
High
CVE-2026-54267
was published
for
@angular/core
(npm)
Jun 15, 2026
Nautobot: GitRepository.current_head field should not be writable through REST API
High
CVE-2026-44798
was published
for
nautobot
(pip)
May 13, 2026
Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with...
Low
Unreviewed
CVE-2026-8492
was published
May 20, 2026
justhtml has sanitization bypass in custom policies and programmatic DOM
Moderate
GHSA-vrx2-77f2-ww34
was published
for
justhtml
(pip)
Apr 22, 2026
Multiple security fixes in justhtml
Low
GHSA-4p64-v8f5-r2gx
was published
for
justhtml
(pip)
Apr 14, 2026
Prototype Pollution in lodash
Moderate
CVE-2018-3721
was published
for
lodash
(RubyGems)
Jul 26, 2018
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive...
High
Unreviewed
CVE-2025-33136
was published
May 22, 2025
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to...
Moderate
Unreviewed
CVE-2022-3288
was published
Oct 17, 2022
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini...
High
Unreviewed
CVE-2024-9876
was published
Apr 30, 2025
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An...
Moderate
Unreviewed
CVE-2021-37193
was published
May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)....
Moderate
Unreviewed
CVE-2021-37177
was published
May 24, 2022
An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters...
Critical
Unreviewed
CVE-2024-55551
was published
Mar 19, 2025
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
dot-prop Prototype Pollution vulnerability
High
CVE-2020-8116
was published
for
dot-prop
(npm)
Jul 29, 2020
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite...
Moderate
Unreviewed
CVE-2024-45672
was published
Jan 23, 2025
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML...
Moderate
Unreviewed
CVE-2024-51462
was published
Jan 17, 2025
Write to immutable memory region in TensorFlow
Moderate
CVE-2020-26268
was published
for
tensorflow
(pip)
Dec 10, 2020
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an
unprivileged...
Moderate
Unreviewed
CVE-2023-43697
was published
Oct 9, 2023
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through
5.11.3 are vulnerable...
High
Unreviewed
CVE-2023-2904
was published
Jul 6, 2023
Moodle Allows Modification of Constants
Moderate
CVE-2011-4301
was published
for
moodle/moodle
(Composer)
May 13, 2022
Prototype pollution in object-path
High
CVE-2020-15256
was published
for
object-path
(npm)
Oct 19, 2020
Prototype Pollution in handlebars
High
GHSA-q42p-pg8m-cqh6
was published
for
handlebars
(npm)
Jun 5, 2019
Prototype Pollution in defaults-deep
High
CVE-2018-3723
was published
for
defaults-deep
(npm)
Jul 26, 2018
ProTip!
Advisories are also available from the
GraphQL API