Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Moderate
CVE-2024-5389 was published for lunary (npm) Jun 10, 2024 withdrawn
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read Moderate
CVE-2018-16982 was published for opencc (npm) May 14, 2022
richardfan0606 DanBeard
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes Moderate
CVE-2024-6485 was published for bootstrap (npm) Jul 11, 2024
hdtmccallie
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server Moderate
CVE-2024-11023 was published for firebase (npm) Nov 18, 2024
Incorrect Access Control in NodeBB Moderate
CVE-2024-29316 was published for nodebb (npm) Mar 29, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Moderate
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Moderate
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle Moderate
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) Moderate
CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
Server Side Request Forgery (SSRF) attack in Fedify Moderate
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
socket.io has an unhandled 'error' event Moderate
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
Insufficient validation when decoding a Socket.IO packet Moderate
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
JSZip contains Path Traversal via loadAsync Moderate
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
insane vulnerable to Regular Expression Denial of Service Moderate
CVE-2020-26303 was published for insane (npm) Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26304 was published for foundation-sites (npm) Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26305 was published for commonregex (npm) Oct 26, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
Prototype pollution not blocked by object-path related utilities in hoolock Moderate
CVE-2024-23339 was published for hoolock (npm) Jan 23, 2024
d3ng03
Denial of Service condition in Next.js image optimization Moderate
CVE-2024-47831 was published for next (npm) Oct 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database