GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
GHSA-cfqx-f43m-vfh7
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate
CVE-2023-26103
was published
for
deno
(Rust)
Apr 3, 2023
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
Uncaught Exception in fastify-multipart
High
CVE-2021-23597
was published
for
fastify-multipart
(npm)
Feb 11, 2022
ProTip!
Advisories are also available from the
GraphQL API