GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

@sveltejs/kit: `query.batch` cross-talk Moderate
GHSA-hgv7-v322-mmgr was published for @sveltejs/kit (npm) May 21, 2026
Credited to rafabd1, elliott-with-the-longest-name-on-github, and dummdidumm
Svelte: SSR XSS via Insecure Promise Serialization in hydratable Moderate
GHSA-f3cj-j4f6-wq85 was published for svelte (npm) May 14, 2026
Credited to dummdidumm and elliott-with-the-longest-name-on-github
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State Moderate
CVE-2026-42573 was published for svelte (npm) May 14, 2026
Credited to elliott-with-the-longest-name-on-github and dummdidumm
Svelte: ReDoS in `<svelte:element>` Tag Validation Moderate
CVE-2026-42567 was published for svelte (npm) May 14, 2026
Credited to Meltedd, dummdidumm, and elliott-with-the-longest-name-on-github
Svelte devalue: DoS via sparse array deserialization High
CVE-2026-42570 was published for devalue (npm) May 14, 2026
Credited to elliott-with-the-longest-name-on-github, dummdidumm, and kq5y
Svelte SSR vulnerable to cross-site scripting via spread attributes Moderate
CVE-2026-42599 was published for svelte (npm) May 14, 2026
Credited to dummdidumm and elliott-with-the-longest-name-on-github
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params Moderate
CVE-2025-32388 was published for @sveltejs/kit (npm) Apr 14, 2025
Credited to kkarikos, Rich-Harris, dominikg, and dummdidumm