GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Misinterpretation of malicious XML input
Moderate
CVE-2021-21366
was published
for
xmldom
(npm)
Mar 12, 2021
Denial of Service in graphql-go
Moderate
CVE-2022-21708
was published
for
github.com/graph-gophers/graphql-go
(Go)
Jan 27, 2022
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
bep/imagemeta allows excessively large EXIF data structures
Moderate
CVE-2025-32024
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Moderate
CVE-2025-32025
was published
for
github.com/bep/imagemeta
(Go)
Apr 9, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs
Moderate
CVE-2024-47081
was published
for
requests
(pip)
Jun 9, 2025
ProTip!
Advisories are also available from the
GraphQL API