Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,711 advisories

Loading
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
Denial of service in http-proxy-middleware High
CVE-2024-21536 was published for http-proxy-middleware (npm) Oct 19, 2024
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
KageShiron MathurAditya724
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Cross site scripting in markdown-to-jsx Moderate
CVE-2024-21535 was published for markdown-to-jsx (npm) Oct 15, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS Moderate
CVE-2024-47885 was published for astro (npm) Oct 14, 2024
jackfromeast ishmeals
Denial of Service condition in Next.js image optimization Moderate
CVE-2024-47831 was published for next (npm) Oct 14, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution Critical
CVE-2024-42640 was published for angular-base64-upload (npm) Oct 11, 2024
rvizx
DOMpurify has a nesting-based mXSS High
CVE-2024-47875 was published for dompurify (npm) Oct 11, 2024
bastien-roucaries eslerm
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
SAP HANA Node.js client package vulnerable to Prototype Pollution Moderate
CVE-2024-45277 was published for @sap/hana-client (npm) Oct 8, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API Moderate
CVE-2024-21532 was published for ggit (npm) Oct 8, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page Moderate
GHSA-pf56-h9qf-rxq4 was published for @saltcorn/server (npm) Oct 7, 2024
dellalibera
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability High
CVE-2024-47818 was published for @saltcorn/server (npm) Oct 7, 2024
dellalibera
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
ProTip! Advisories are also available from the GraphQL API