GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,442 advisories
Filter by severity
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Regular Expression Denial of Service in is-my-json-valid
High
CVE-2016-2537
was published
for
is-my-json-valid
(npm)
Oct 24, 2017
uPlot Prototype Pollution vulnerability
High
CVE-2024-21489
was published
for
uplot
(npm)
Oct 1, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Remote command execution in promptr
High
CVE-2024-46489
was published
for
@ifnotnowwhen/promptr
(npm)
Sep 25, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
High
CVE-2024-47068
was published
for
rollup
(npm)
Sep 23, 2024
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
FUXA local file inclusion vulnerability
High
CVE-2023-31718
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA vulnerable to Local File Inclusion
High
CVE-2023-31716
was published
for
@frangoteam/fuxa
(npm)
Sep 22, 2023
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
High
CVE-2024-47061
was published
for
@udecode/plate-core
(npm)
Sep 20, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
dset Prototype Pollution vulnerability
High
CVE-2024-21529
was published
for
dset
(npm)
Sep 11, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used
High
CVE-2024-45596
was published
for
@directus/api
(npm)
Sep 10, 2024
ProTip!
Advisories are also available from the
GraphQL API