Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,126 advisories

Loading
Directus version number disclosure Moderate
CVE-2024-27296 was published for directus (npm) Mar 1, 2024
mongo-express Cross-site Request Forgery vulnerability Moderate
CVE-2023-52555 was published for mongo-express (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Ghost has possible Cross-site Scripting issue Moderate
CVE-2024-23724 was published for ghost (npm) Feb 11, 2024
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
CKEditor cross-site scripting vulnerability in AJAX sample Moderate
CVE-2023-4771 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature Moderate
CVE-2024-24816 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection Moderate
CVE-2024-24815 was published for ckeditor/ckeditor (Composer) Feb 7, 2024
Rudloff
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24396 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24397 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images Moderate
GHSA-mf74-qq7w-6j7v was published for remark-images-download (npm) Feb 3, 2024
gustavi
Dash apps vulnerable to Cross-site Scripting Moderate
CVE-2024-21485 was published for dash (npm) Feb 2, 2024
graingert
nodemailer ReDoS when trying to send a specially crafted email Moderate
GHSA-9h6g-pr28-7cqp was published for nodemailer (npm) Jan 31, 2024
francoatmega
@lobehub/chat vulnerable to unauthorized access to plugins Moderate
CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024
dastaj
Prototype pollution not blocked by object-path related utilities in hoolock Moderate
CVE-2024-23339 was published for hoolock (npm) Jan 23, 2024
d3ng03
@hono/node-server cannot handle "double dots" in URL Moderate
CVE-2024-23340 was published for @hono/node-server (npm) Jan 23, 2024
Cross-site Scripting in Ghost Moderate
CVE-2024-23725 was published for ghost (npm) Jan 21, 2024
Default swagger-ui configuration exposes all files in the module Moderate
CVE-2024-22207 was published for @fastify/swagger-ui (npm) Jan 16, 2024
knolleary
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2024-21668 was published for react-native-mmkv (npm) Jan 9, 2024
maxammann
Apprite CLI makes Use of Hard-coded Credentials Moderate
CVE-2023-50974 was published for appwrite (npm) Jan 9, 2024
@fastify/reply-from JSON Content-Type parsing confusion Moderate
CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
qwerty472123
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database