Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,733 advisories

Loading
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
Avenwu Whistle Cross-Site Request Forgery (CSRF) High
CVE-2024-55500 was published for whistle (npm) Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
Bit flip attack vulnerability in cookie-encrypter High
CVE-2024-53441 was published for cookie-encrypter (npm) Dec 9, 2024
mathysEthical
Directus allows unauthenticated access to WebSocket events and operations High
CVE-2024-54151 was published for @directus/api (npm) Dec 9, 2024
SeanDylanGoff fishuke
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski katzj
CrzyHAX91
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
Modified package published to npm, containing malware that exfiltrates private key material High
CVE-2024-54134 was published for @solana/web3.js (npm) Dec 4, 2024
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
balles skrtheboss
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
@intlify/shared Prototype Pollution vulnerability Moderate
CVE-2024-52810 was published for @intlify/shared (npm) Dec 2, 2024
BobbieGoede
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling Moderate
CVE-2024-53843 was published for @dapperduckling/keycloak-connector-server (npm) Nov 26, 2024
@lobehub/chat Server Side Request Forgery vulnerability High
CVE-2024-32965 was published for @lobehub/chat (npm) Nov 26, 2024
yyzsec
@sveltejs/kit vulnerable to on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg eltigerchino
benmccann
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server Moderate
CVE-2024-11023 was published for firebase (npm) Nov 18, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk SuperMaxine
MikuroXina
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database