Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

16 advisories

Loading
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote... Moderate Unreviewed
CVE-2021-43956 was published Mar 17, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard... Moderate Unreviewed
CVE-2019-17317 was published May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a... Moderate Unreviewed
CVE-2019-17316 was published May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration... Moderate Unreviewed
CVE-2019-17315 was published May 24, 2022
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. Moderate Unreviewed
CVE-2022-0432 was published Feb 3, 2022
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. Moderate Unreviewed
CVE-2022-3901 was published Feb 20, 2023
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16... Moderate Unreviewed
CVE-2024-2495 was published Mar 15, 2024
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross... Moderate Unreviewed
CVE-2023-2582 was published May 8, 2023
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via... Moderate Unreviewed
CVE-2023-3933 was published Oct 20, 2023
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype... Moderate Unreviewed
CVE-2023-3965 was published Oct 20, 2023
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype... Moderate Unreviewed
CVE-2023-3962 was published Oct 20, 2023
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-39000 was published Jul 1, 2024
adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-39853 was published Jul 1, 2024
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype... Moderate Unreviewed
CVE-2024-54156 was published Dec 4, 2024
In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or... Moderate Unreviewed
CVE-2024-12629 was published Feb 12, 2025
In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce... Moderate Unreviewed
CVE-2024-11628 was published Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database