GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,096 advisories
Filter by severity
Layui cross-site scripting (XSS) vulnerability
Moderate
CVE-2023-50550
was published
for
layui
(npm)
Dec 30, 2023
blinksocks has weak encryption algorithms
Moderate
CVE-2023-50481
was published
for
blinksocks
(npm)
Dec 21, 2023
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
Cube API denial of service attack
Moderate
CVE-2023-50709
was published
for
@cubejs-backend/api-gateway
(npm)
Dec 13, 2023
Password Change Vulnerability
Moderate
CVE-2023-49804
was published
for
uptime-kuma
(npm)
Dec 12, 2023
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate
CVE-2023-49798
was published
for
@openzeppelin/contracts
(npm)
Dec 12, 2023
Cross-site Scripting in evershop
Moderate
CVE-2023-46499
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Directory Traversal in evershop
Moderate
CVE-2023-46493
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Cross Site Scripting in evershop
Moderate
CVE-2023-46494
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Cross-site Scripting in evershop
Moderate
CVE-2023-46495
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Directory Traversal in evershop
Moderate
CVE-2023-46497
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Directory Traversal in Gladys Assistant
Moderate
CVE-2023-47440
was published
for
gladys
(npm)
Dec 7, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate
CVE-2023-49293
was published
for
vite
(npm)
Dec 5, 2023
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
Uptime Kuma Authenticated remote code execution via TailscalePing
Moderate
GHSA-hfxh-rjv7-2369
was published
for
uptime-kuma
(npm)
Nov 27, 2023
Attribute Injection leading to XSS(Cross-Site-Scripting)
Moderate
CVE-2023-49276
was published
for
uptime-kuma
(npm)
Nov 24, 2023
Possible user mocking that bypasses basic authentication
Moderate
CVE-2023-48309
was published
for
next-auth
(npm)
Nov 20, 2023
Bypass of field access control in strapi-plugin-protected-populate
Moderate
CVE-2023-48218
was published
for
strapi-plugin-protected-populate
(npm)
Nov 20, 2023
@vendure/core's insecure currencyCode handling allows wrong payment amounts
Moderate
GHSA-wm63-7627-ch33
was published
for
@vendure/core
(npm)
Nov 17, 2023
Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate
GHSA-hxjc-9j8v-v9pr
was published
for
ckeditor4
(npm)
Nov 16, 2023
•
withdrawn
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
ProTip!
Advisories are also available from the
GraphQL API