Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
RCE via ZipSlip and symbolic links in argoproj/argo-workflows High
CVE-2025-66626 was published for github.com/argoproj/argo-workflows (Go) Dec 9, 2025
cristianstaicu meenakshisl
Credited to cristianstaicu and meenakshisl
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript Critical
CVE-2025-62410 was published for happy-dom (npm) Oct 15, 2025
cristianstaicu shaked-seal
Credited to cristianstaicu and shaked-seal
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
cristianstaicu vdata1
Credited to cristianstaicu and vdata1
Denial-of-Service when binding invalid parameters in sqlite3 High
CVE-2022-21227 was published for sqlite3 (npm) Apr 28, 2022
cristianstaicu
Credited to cristianstaicu
Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
cristianstaicu arjunshibu
Credited to cristianstaicu and arjunshibu
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Credited to yuske, cristianstaicu, musard, and mtrezza
Prototype pollution in min-dash High
CVE-2021-23460 was published for min-dash (Maven) Feb 1, 2022
cristianstaicu
Credited to cristianstaicu
Improper Handling of Unexpected Data Type in ced High
CVE-2021-39131 was published for ced (npm) Aug 23, 2021
cristianstaicu
Credited to cristianstaicu
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate High
CVE-2021-21413 was published for isolated-vm (npm) Apr 6, 2021
vdata1 cristianstaicu
Credited to vdata1 and cristianstaicu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database