Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,457 advisories

Loading
Withdrawn Advisory: Lunary Improper Authentication vulnerability High
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024 withdrawn
vincelwt
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm G-Rath
@backstage/plugin-catalog-backend Prototype Pollution vulnerability High
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability High
CVE-2024-45816 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
Lunary improper access control vulnerability High
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
node-gettext vulnerable to Prototype Pollution High
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
Directus GraphQL Field Duplication Denial of Service (DoS) High
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof
rejetto HFS vulnerable to OS Command Execution by remote authenticated users High
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
njwt Prototype Pollution vulnerability High
CVE-2024-34273 was published for njwt (npm) May 16, 2024
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
Next.js Denial of Service (DoS) condition High
CVE-2024-39693 was published for next (npm) Jul 10, 2024
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
lilconfig Code Injection vulnerability High
CVE-2024-21537 was published for lilconfig (npm) Oct 31, 2024
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
DSimsek000
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database