GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,154 advisories
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24361
was published
for
@nuxt/rspack-builder
(npm)
Jan 27, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24360
was published
for
@nuxt/vite-builder
(npm)
Jan 27, 2025
Directus allows privilege escalation using Share feature
Moderate
CVE-2025-24353
was published
for
directus
(npm)
Jan 23, 2025
MathLive's Lack of Escaping of HTML allows for XSS
Moderate
GHSA-qwj6-q94f-8425
was published
for
mathlive
(npm)
Jan 21, 2025
Use of Insufficiently Random Values in undici
Moderate
CVE-2025-22150
was published
for
undici
(npm)
Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate
CVE-2025-24012
was published
for
@umbraco-cms/backoffice
(npm)
Jan 21, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
Websites were able to send any requests to the development server and read the response in vite
Moderate
CVE-2025-24010
was published
for
vite
(npm)
Jan 21, 2025
KaTeX \htmlData does not validate attribute names
Moderate
CVE-2025-23207
was published
for
katex
(npm)
Jan 17, 2025
Next.js Allows a Denial of Service (DoS) with Server Actions
Moderate
CVE-2024-56332
was published
for
next
(npm)
Jan 3, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate
CVE-2025-21610
was published
for
trix
(npm)
Jan 3, 2025
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution
Moderate
CVE-2024-52809
was published
for
@intlify/core
(npm)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API