GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,045 advisories
Filter by severity
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Moderate
CVE-2024-37168
was published
for
@grpc/grpc-js
(npm)
Jun 10, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
Moderate
CVE-2022-25037
was published
for
@wangeditor/editor
(npm)
May 31, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
MiguelCastillo @bit/loader Prototype Pollution issue
Moderate
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Moderate
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Moderate
GHSA-mf74-qq7w-6j7v
was published
for
remark-images-download
(npm)
Feb 3, 2024
Konga is vulnerable to Cross Site Scripting (XSS) attacks
Moderate
CVE-2024-34243
was published
for
kongadmin
(npm)
May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Directus Lacks Session Tokens Invalidation
Moderate
CVE-2024-34709
was published
for
directus
(npm)
May 13, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate
CVE-2024-34708
was published
for
directus
(npm)
May 13, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate
CVE-2024-34449
was published
for
vditor
(npm)
May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
Moderate
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
statics-server Cross-site Scripting vulnerability
Moderate
CVE-2018-3771
was published
for
statics-server
(npm)
May 13, 2022
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
ProTip!
Advisories are also available from the
GraphQL API