Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,297
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
Improper Authorization in Strapi High
CVE-2020-27665 was published for strapi-plugin-content-type-builder (npm) Oct 29, 2020
Incorrect Default Permissions in log4js Moderate
CVE-2022-21704 was published for log4js (npm) Jan 21, 2022
lamweili ranjit-git
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
AWS Amplify CLI has incorrect trust policy management Critical
CVE-2024-28056 was published for @aws-amplify/cli (npm) Apr 15, 2024
AWS CDK CodePipeline: trusted entities are too broad Low
GHSA-5pq3-h73f-66hr was published for aws-cdk-lib (npm) Mar 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database