Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
xmldom: Uncontrolled recursion in XML serialization leads to DoS High
CVE-2026-41673 was published for @xmldom/xmldom (npm) Apr 22, 2026
Jvr2022 Credited to Jvr2022, praveen-kv, and KarimTantawey praveen-kv praveen-kv
KarimTantawey KarimTantawey
@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes Moderate
GHSA-jhm7-29pj-4xvf was published for @node-oauth/oauth2-server (npm) Apr 16, 2026
KarimTantawey Credited to KarimTantawey, jankapunkt, and dhensby jankapunkt jankapunkt
dhensby dhensby
jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder High
CVE-2026-24133 was published for jspdf (npm) Feb 2, 2026
KarimTantawey Credited to KarimTantawey
jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation) Moderate
CVE-2026-24043 was published for jspdf (npm) Feb 2, 2026
KarimTantawey Credited to KarimTantawey
jsPDF has Shared State Race Condition in addJS Plugin Moderate
CVE-2026-24040 was published for jspdf (npm) Feb 2, 2026
KarimTantawey Credited to KarimTantawey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database