Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,045 advisories

Loading
@grpc/grpc-js can allocate memory for incoming messages well above configured limits Moderate
CVE-2024-37168 was published for @grpc/grpc-js (npm) Jun 10, 2024
jhump
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function Moderate
CVE-2022-25037 was published for @wangeditor/editor (npm) May 31, 2024
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
MiguelCastillo @bit/loader Prototype Pollution issue Moderate
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue Moderate
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images Moderate
GHSA-mf74-qq7w-6j7v was published for remark-images-download (npm) Feb 3, 2024
gustavi
Konga is vulnerable to Cross Site Scripting (XSS) attacks Moderate
CVE-2024-34243 was published for kongadmin (npm) May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Vditor allows Cross-site Scripting via an attribute of an `A` element Moderate
CVE-2024-34449 was published for vditor (npm) May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
s3-url-parser vulnerable to Denial of Service via regexes component Moderate
CVE-2024-25355 was published for s3-url-parser (npm) May 1, 2024
statics-server Cross-site Scripting vulnerability Moderate
CVE-2018-3771 was published for statics-server (npm) May 13, 2022
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss Moderate
CVE-2023-36822 was published for uptime-kuma (npm) May 1, 2024
n-thumann
ProTip! Advisories are also available from the GraphQL API