GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,106 advisories
Filter by severity
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
GHSA-cfqx-f43m-vfh7
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Moderate
GHSA-593m-55hh-j8gv
was published
for
@sentry/browser
(npm)
Oct 3, 2024
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Moderate
CVE-2024-47762
was published
for
@backstage/plugin-app-backend
(npm)
Oct 3, 2024
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
git-shallow-clone OS Command Injection vulnerability
Moderate
CVE-2024-21531
was published
for
git-shallow-clone
(npm)
Oct 1, 2024
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
Moderate
CVE-2024-9148
was published
for
flowise
(npm)
Sep 25, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
CVE-2024-47066
was published
for
@lobehub/chat
(npm)
Sep 23, 2024
Cross-site scripting (XSS) in the clipboard package
Moderate
CVE-2024-45613
was published
for
@ckeditor/ckeditor5-clipboard
(npm)
Sep 25, 2024
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Moderate
CVE-2024-47075
was published
for
layui
(npm)
Sep 26, 2024
Denial of service in rocket chat message parser
Moderate
CVE-2024-46935
was published
for
@rocket.chat/message-parser
(npm)
Sep 25, 2024
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
Moderate
GHSA-84jw-g43v-8gjm
was published
for
@rspack/core
(npm)
Sep 19, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Moderate
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
Moderate
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate
CVE-2024-46976
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API