Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,430 advisories

Loading
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip
uniabis stbenjam pseudoralph mschfh jusemon panva alenovik jaydeep-bypt
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries High
CVE-2024-43414 was published for @apollo/gateway (npm) Aug 27, 2024
Flowise Unauthenticated Denial of Service (DoS) vulnerability High
CVE-2024-8182 was published for flowise (npm) Aug 27, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
gettext.js has a Cross-site Scripting injection High
CVE-2024-43370 was published for gettext.js (npm) Aug 15, 2024
mcoimbra filipeom
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle High
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov
Flowise Path Injection at /api/v1/openai-assistants-file High
CVE-2024-36420 was published for flowise (npm) Aug 5, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts High
CVE-2024-36421 was published for flowise (npm) Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF) High
CVE-2024-42352 was published for @nuxt/icon (npm) Aug 5, 2024
OhB00 antfu
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Nuxt Devtools has a Path Traversal: '../filedir' High
CVE-2024-23657 was published for @nuxt/devtools (npm) Aug 5, 2024
OhB00 antfu
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
(ReDoS) Regular Expression Denial of Service in tf2-item-format High
CVE-2024-41655 was published for tf2-item-format (npm) Jul 23, 2024
piman51277
Plate media plugins has a XSS in media embed element when using custom URL parsers High
CVE-2024-40631 was published for @udecode/plate-media (npm) Jul 15, 2024
ProTip! Advisories are also available from the GraphQL API