GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,709 advisories
Filter by severity
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Moderate
CVE-2024-11023
was published
for
firebase
(npm)
Nov 18, 2024
Incorrect Access Control in NodeBB
Moderate
CVE-2024-29316
was published
for
nodebb
(npm)
Mar 29, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Moderate
CVE-2024-5389
was published
for
lunary
(npm)
Jun 10, 2024
•
withdrawn
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
High
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
High
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Moderate
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Lunary improper access control vulnerability
High
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
express vulnerable to XSS via response.redirect()
Low
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Low
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
send vulnerable to template injection that can lead to XSS
Low
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
node-gettext vulnerable to Prototype Pollution
High
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input
Moderate
CVE-2024-45390
was published
for
@blakeembrey/template
(npm)
Sep 3, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Low
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Moderate
CVE-2024-43411
was published
for
ckeditor4
(npm)
Aug 21, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
Critical
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Moderate
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
High
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Server Side Request Forgery (SSRF) attack in Fedify
Moderate
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API