GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,127 advisories
Bypass of field access control in strapi-plugin-protected-populate
Moderate • CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) on Nov 20, 2023

@vendure/core's insecure currencyCode handling allows wrong payment amounts
Moderate • GHSA-wm63-7627-ch33 was published for @vendure/core (npm) on Nov 17, 2023

Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate • GHSA-hxjc-9j8v-v9pr was published for ckeditor4 (npm) on Nov 16, 2023 • withdrawn

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate • CVE-2023-48219 was published for TinyMCE (Composer) on Nov 15, 2023

DOMPurify Open Redirect vulnerability
Moderate • CVE-2019-25155 was published for dompurify (npm) on Nov 14, 2023

Cross-site Scripting in cesium
Moderate • CVE-2023-48094 was published for cesium (npm) on Nov 14, 2023 • withdrawn

Bootbox.js Cross Site Scripting vulnerability
Moderate • CVE-2023-46998 was published for bootbox (npm) on Nov 14, 2023

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Moderate • CVE-2023-46729 was published for @sentry/nextjs (npm) on Nov 9, 2023

NASA Open MCT Cross Site Scripting vulnerability
Moderate • CVE-2023-45885 was published for openmct (npm) on Nov 9, 2023

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate • CVE-2023-45884 was published for openmct (npm) on Nov 9, 2023

chromedriver Command Injection vulnerability
Moderate • CVE-2023-26156 was published for chromedriver (npm) on Nov 9, 2023

Axios Cross-Site Request Forgery Vulnerability
Moderate • CVE-2023-45857 was published for axios (npm) on Nov 8, 2023

cordova-plugin-fingerprint-aio DoS vulnerability
Moderate • CVE-2021-43849 was published for cordova-plugin-fingerprint-aio (npm) on Nov 2, 2023

TinyMCE XSS vulnerability in notificationManager.open API
Moderate • CVE-2023-45819 was published for TinyMCE (Composer) on Oct 19, 2023

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate • CVE-2023-45818 was published for TinyMCE (Composer) on Oct 19, 2023

React Developer Tools extension Improper Authorization vulnerability
Moderate • CVE-2023-5654 was published for react-devtools-core (npm) on Oct 19, 2023

nocodb SQL Injection vulnerability
Moderate • CVE-2023-43794 was published for nocodb (npm) on Oct 17, 2023

Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate • CVE-2023-5573 was published for @vrite/sdk (npm) on Oct 13, 2023

Improper Input Validation in vriteio/vrite
Moderate • CVE-2023-5571 was published for @vrite/sdk (npm) on Oct 13, 2023

PostCSS line return parsing error
Moderate • CVE-2023-44270 was published for postcss (npm) on Sep 30, 2023

quill-mention Cross-site Scripting vulnerability
Moderate • CVE-2023-26149 was published for quill-mention (npm) on Sep 28, 2023

Improper Input Validation in nocodb
Moderate • CVE-2023-5104 was published for nocodb (npm) on Sep 21, 2023

graphql Uncontrolled Resource Consumption vulnerability
Moderate • CVE-2023-26144 was published for graphql (npm) on Sep 20, 2023
ProTip! Advisories are also available from the GraphQL API.