GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,466 advisories
Filter by severity
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled
High
CVE-2024-56159
was published
for
astro
(npm)
Dec 19, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
Avenwu Whistle Cross-Site Request Forgery (CSRF)
High
CVE-2024-55500
was published
for
whistle
(npm)
Dec 10, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
lilconfig Code Injection vulnerability
High
CVE-2024-21537
was published
for
lilconfig
(npm)
Oct 31, 2024
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
OS Command Injection in Snyk php plugin
High
CVE-2024-48963
was published
for
snyk-php-plugin
(npm)
Oct 23, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
High
GHSA-m4gq-x24j-jpmf
was published
for
mermaid
(npm)
Oct 22, 2024
secp256k1-node allows private key extraction over ECDH
High
CVE-2024-48930
was published
for
secp256k1
(npm)
Oct 21, 2024
Denial of service in http-proxy-middleware
High
CVE-2024-21536
was published
for
http-proxy-middleware
(npm)
Oct 19, 2024
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
High
CVE-2024-47824
was published
for
matrix-react-sdk
(npm)
Oct 15, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
ProTip!
Advisories are also available from the
GraphQL API