GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,447 advisories
Filter by severity
Signature Malleabillity in elliptic
High
CVE-2020-13822
was published
for
elliptic
(npm)
Jul 29, 2020
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
High
CVE-2024-47824
was published
for
matrix-react-sdk
(npm)
Oct 15, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
find-my-way has a ReDoS vulnerability in multiparametric routes
High
CVE-2024-45813
was published
for
find-my-way
(npm)
Sep 18, 2024
Strapi Server-Side Request Forgery (SSRF)
High
CVE-2024-37818
was published
for
@strapi/strapi
(npm)
Jun 20, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Regular Expression Denial of Service in is-my-json-valid
High
CVE-2016-2537
was published
for
is-my-json-valid
(npm)
Oct 24, 2017
uPlot Prototype Pollution vulnerability
High
CVE-2024-21489
was published
for
uplot
(npm)
Oct 1, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Remote command execution in promptr
High
CVE-2024-46489
was published
for
@ifnotnowwhen/promptr
(npm)
Sep 25, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
High
CVE-2024-47068
was published
for
rollup
(npm)
Sep 23, 2024
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
FUXA local file inclusion vulnerability
High
CVE-2023-31718
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA vulnerable to Local File Inclusion
High
CVE-2023-31716
was published
for
@frangoteam/fuxa
(npm)
Sep 22, 2023
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
High
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
High
CVE-2024-47061
was published
for
@udecode/plate-core
(npm)
Sep 20, 2024
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
ProTip!
Advisories are also available from the
GraphQL API