Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
MathLive's Lack of Escaping of HTML allows for XSS Moderate
CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025
nsysean arnog
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
KaTeX \htmlData does not validate attribute names Moderate
CVE-2025-23207 was published for katex (npm) Jan 17, 2025
nsysean edemaine
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
KaTeX's `\includegraphics` does not escape filename Moderate
CVE-2024-28245 was published for katex (npm) Mar 25, 2024
martinvks edemaine
jupenur
Misinterpretation of malicious XML input Moderate
CVE-2021-32796 was published for @xmldom/xmldom (npm) Aug 3, 2021
diptendur2c
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
dojox vulnerable to unescaped string injection Critical
CVE-2018-15494 was published for dojox (npm) Oct 15, 2018
Secret disclosure when containing characters that become URI encoded High
CVE-2020-26226 was published for semantic-release (npm) Nov 18, 2020
dbjorge
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database