Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,126 advisories

Loading
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Moderate
CVE-2024-5389 was published for lunary (npm) Jun 10, 2024 withdrawn
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function Moderate
CVE-2022-25037 was published for @wangeditor/editor (npm) May 31, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
Konga is vulnerable to Cross Site Scripting (XSS) attacks Moderate
CVE-2024-34243 was published for kongadmin (npm) May 14, 2024
Regular Expression Denial of Service (ReDoS) in micromatch Moderate
CVE-2024-4067 was published for micromatch (npm) May 14, 2024
jagonalez MarioTeixeiraCx
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
Vditor allows Cross-site Scripting via an attribute of an `A` element Moderate
CVE-2024-34449 was published for vditor (npm) May 3, 2024
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
Stored Cross-site Scripting (XSS) in excalidraw's web embed component Moderate
CVE-2024-32472 was published for @excalidraw/excalidraw (npm) Apr 17, 2024
phin may include sensitive headers in subsequent requests after redirect Moderate
GHSA-x565-32qp-m3vf was published for phin (npm) Apr 11, 2024
Matrix IRC Bridge truncated content of messages can be leaked Moderate
CVE-2024-32000 was published for matrix-appservice-irc (npm) Apr 11, 2024
progval
Summernote vulnerable to cross-site scripting Moderate
CVE-2024-29504 was published for summernote (npm) Apr 11, 2024
zcap has incomplete expiration checks in capability chains. Moderate
CVE-2024-31995 was published for @digitalbazaar/zcap (npm) Apr 10, 2024
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API