Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

155 advisories

Loading
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jquery-validation (npm) Jun 3, 2022
klaudialax amita-seal
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
@langchain/community SQL Injection vulnerability Low
CVE-2024-7042 was published for @langchain/community (npm) Oct 29, 2024
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n G-Rath
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Low
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8373 was published for angular (npm) Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Low
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
Stylelint has vulnerability in semver dependency Low
GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) Jul 7, 2023 withdrawn
romainmenke
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
node-ipc behavior change Low
GHSA-3mpp-xfvh-qh37 was published for node-ipc (npm) Mar 16, 2022
pallost
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes KhafraDev
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) Low
CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
ProTip! Advisories are also available from the GraphQL API