GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,129 advisories
Filter by severity
Nunjucks autoescape bypass leads to cross site scripting
Moderate
CVE-2023-2142
was published
for
nunjucks
(npm)
Apr 20, 2023
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
Moderate
CVE-2024-53843
was published
for
@dapperduckling/keycloak-connector-server
(npm)
Nov 26, 2024
Cross-site scripting in bootstrap-select
Moderate
CVE-2019-20921
was published
for
bootstrap-select
(npm)
May 7, 2021
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Moderate
CVE-2024-5389
was published
for
lunary
(npm)
Jun 10, 2024
•
withdrawn
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Moderate
CVE-2018-16982
was published
for
opencc
(npm)
May 14, 2022
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Moderate
CVE-2024-11023
was published
for
firebase
(npm)
Nov 18, 2024
Incorrect Access Control in NodeBB
Moderate
CVE-2024-29316
was published
for
nodebb
(npm)
Mar 29, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Moderate
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input
Moderate
CVE-2024-45390
was published
for
@blakeembrey/template
(npm)
Sep 3, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Moderate
CVE-2024-43411
was published
for
ckeditor4
(npm)
Aug 21, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Moderate
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Server Side Request Forgery (SSRF) attack in Fedify
Moderate
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
JSZip contains Path Traversal via loadAsync
Moderate
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
insane vulnerable to Regular Expression Denial of Service
Moderate
CVE-2020-26303
was published
for
insane
(npm)
Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26304
was published
for
foundation-sites
(npm)
Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26305
was published
for
commonregex
(npm)
Oct 26, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
dom-iterator code execution vulnerability
Moderate
CVE-2024-21541
was published
for
dom-iterator
(npm)
Nov 13, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
ProTip!
Advisories are also available from the
GraphQL API