Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR Moderate
GHSA-458j-xx4x-4375 was published for hono (npm) Apr 16, 2026
tndud042713 Credited to tndud042713
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) Moderate
GHSA-vvjj-xcjg-gr5g was published for nodemailer (npm) Apr 8, 2026
tndud042713 Credited to tndud042713
LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel Moderate
CVE-2026-39412 was published for liquidjs (npm) Apr 8, 2026
tndud042713 Credited to tndud042713
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code High
CVE-2026-33943 was published for happy-dom (npm) Mar 26, 2026
tndud042713 Credited to tndud042713
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database