GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,543 advisories
Filter by severity
Server Side Request Forgery (SSRF) attack in Fedify
High
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Directus incorrectly handles `_in` filter
Moderate
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Uncontrolled resource consumption in braces
High
CVE-2024-4068
was published
for
braces
(npm)
May 14, 2024
flatten-json Prototype Pollution
Moderate
CVE-2024-36574
was published
for
@allanlancioni/flatten-json
(npm)
Jun 17, 2024
Object Resolver Prototype Pollution
High
CVE-2024-36577
was published
for
@apphp/object-resolver
(npm)
Jun 17, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Critical
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
High
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend
High
CVE-2024-38994
was published
for
@amoy/common
(npm)
Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView
High
CVE-2024-38992
was published
for
@airvertco/frappejs
(npm)
Jul 1, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
High
CVE-2024-38991
was published
for
@akbr/patch-into
(npm)
Jul 1, 2024
@akbr/update Prototype Pollution
Moderate
CVE-2024-36578
was published
for
@akbr/update
(npm)
Jun 17, 2024
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Moderate
CVE-2024-38997
was published
for
@adolph_dudu/ratio-swiper
(npm)
Jul 1, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API