GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
964 advisories
Filter by severity
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Prototype pollution in izatop bunt
Critical
CVE-2024-38989
was published
for
@bunt/app
(npm)
Aug 12, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
AWS Amplify CLI has incorrect trust policy management
Critical
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
io.springfox:springfox-swagger-ui
(Maven)
Oct 15, 2019
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Critical
CVE-2024-5389
was published
for
lunary
(npm)
Jun 10, 2024
json-logic-js Command Injection vulnerability
Critical
CVE-2021-4329
was published
for
json-logic-js
(npm)
Mar 5, 2023
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
angular-base64-upload vulnerable to unauthenticated remote code execution
Critical
CVE-2024-42640
was published
for
angular-base64-upload
(npm)
Oct 11, 2024
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(npm)
Oct 11, 2024
ProTip!
Advisories are also available from the
GraphQL API