Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,334
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) High
GHSA-qm7x-rc44-rrqw was published for apollo-server (npm) Nov 8, 2021
Ry0taK
Credited to Ry0taK
XSS vulnerability in GraphQL Playground from untrusted schemas High
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK
Credited to Ry0taK
GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
Credited to Ry0taK
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Credited to Redned235, Camotoy, clankstar, and Ry0taK
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Credited to Ry0taK
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Credited to Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database