GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Unsafe Merging of CORS Configuration Conflict in hapi
Moderate
CVE-2015-9243
was published
for
hapi
(npm)
Sep 1, 2020
Budibase Improper Access Control vulnerability
Moderate
CVE-2022-3225
was published
for
@budibase/bbui
(npm)
Sep 17, 2022
directus vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2023-28443
was published
for
directus
(npm)
Mar 23, 2023
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Moderate
CVE-2023-35167
was published
for
remult
(npm)
Jun 20, 2023
@lobehub/chat vulnerable to unauthorized access to plugins
Moderate
CVE-2024-24566
was published
for
@lobehub/chat
(npm)
Jan 31, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Moderate
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
ProTip!
Advisories are also available from the
GraphQL API