Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
justhtml has sanitization bypass in custom policies and programmatic DOM Moderate
GHSA-vrx2-77f2-ww34 was published for justhtml (pip) Apr 22, 2026
EmilStenstrom Credited to EmilStenstrom
Multiple security fixes in justhtml Low
GHSA-4p64-v8f5-r2gx was published for justhtml (pip) Apr 14, 2026
EmilStenstrom Credited to EmilStenstrom
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive... High Unreviewed
CVE-2025-33136 was published May 22, 2025
: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini... High Unreviewed
CVE-2024-9876 was published Apr 30, 2025
An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters... Critical Unreviewed
CVE-2024-55551 was published Mar 19, 2025
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite... Moderate Unreviewed
CVE-2024-45672 was published Jan 23, 2025
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML... Moderate Unreviewed
CVE-2024-51462 was published Jan 17, 2025
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b Credited to irene221b
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged... Moderate Unreviewed
CVE-2023-43697 was published Oct 9, 2023
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable... High Unreviewed
CVE-2023-2904 was published Jul 6, 2023
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to... Moderate Unreviewed
CVE-2022-3288 was published Oct 17, 2022
Google Play Services SDK leads to apps having incorrectly set mutability flag Moderate
CVE-2022-2390 was published for com.google.android.gms:play-services-basement (Maven) Aug 13, 2022
An attacker could prepare a specially crafted project file that, if opened, would attempt to... Moderate Unreviewed
CVE-2021-42701 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2).... Moderate Unreviewed
CVE-2021-37177 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An... Moderate Unreviewed
CVE-2021-37193 was published May 24, 2022
Moodle Allows Modification of Constants Moderate
CVE-2011-4301 was published for moodle/moodle (Composer) May 13, 2022
Prototype pollution in json8-merge-patch High
CVE-2020-8268 was published for json8-merge-patch (npm) May 10, 2021
TypeORM vulnerable to MAID and Prototype Pollution Critical
CVE-2020-8158 was published for typeorm (npm) May 7, 2021
Prototype Pollution in immer High
CVE-2020-28477 was published for immer (npm) Jan 20, 2021
levpachmanov Credited to levpachmanov
Write to immutable memory region in TensorFlow Moderate
CVE-2020-26268 was published for tensorflow (pip) Dec 10, 2020
Prototype Pollution in systeminformation Moderate
CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
Prototype Pollution in highlight.js Moderate
CVE-2020-26237 was published for highlight.js (npm) Nov 24, 2020
turt2live Credited to turt2live, allejo, and joshgoebel allejo allejo
joshgoebel joshgoebel
Prototype Pollution in json-logic-js High
GHSA-m9hw-7xfv-wqg7 was published for json-logic-js (npm) Nov 12, 2020
Prototype pollution in object-path High
CVE-2020-15256 was published for object-path (npm) Oct 19, 2020
alromh87 Credited to alromh87, JamieSlome, Asjidkalam, and huntr-helper JamieSlome JamieSlome
Asjidkalam Asjidkalam huntr-helper huntr-helper
Prototype Pollution High
CVE-2020-8147 was published for utils-extend (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database