Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Churro michaelkedar
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering Critical
CVE-2022-29822 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize contains improper input validation leading to SQL injection Critical
CVE-2022-2422 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
TomTervoort panva
Churro
KubeVirt vulnerable to arbitrary file read on host High
GHSA-qv98-3369-g364 was published for kubevirt.io/kubevirt (Go) Sep 15, 2022
rmohr 0xdidu
Churro andrewpollock
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
CKEditor 4.0 vulnerability in the HTML Data Processor Moderate
CVE-2020-9281 was published for ckeditor4 (npm) May 7, 2021
Churro
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for jquery (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database