Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,051 advisories

Loading
Server-Side Request Forgery in Request Moderate
CVE-2023-28155 was published for @cypress/request (npm) Mar 16, 2023
NikoRaisanen G-Rath
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
brokenedtzjs OIRNOIR
simonkrol Harrington-Joe_pfghub G-Rath
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
soulseekah
Dash apps vulnerable to Cross-site Scripting Moderate
CVE-2024-21485 was published for dash (npm) Feb 2, 2024
graingert
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection Moderate
CVE-2024-24815 was published for ckeditor/ckeditor (Composer) Feb 7, 2024
Rudloff
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24397 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
Directus version number disclosure Moderate
CVE-2024-27296 was published for directus (npm) Mar 1, 2024
mongo-express Cross-site Request Forgery vulnerability Moderate
CVE-2023-52555 was published for mongo-express (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature Moderate
CVE-2024-24816 was published for ckeditor4 (npm) Feb 7, 2024
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Misinterpretation of malicious XML input Moderate
CVE-2021-32796 was published for @xmldom/xmldom (npm) Aug 3, 2021
diptendur2c
Ghost has possible Cross-site Scripting issue Moderate
CVE-2024-23724 was published for ghost (npm) Feb 11, 2024
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
React Native Document Picker Directory Traversal vulnerability Moderate
CVE-2024-25466 was published for react-native-document-picker (npm) Feb 16, 2024
vonovak
Default swagger-ui configuration exposes all files in the module Moderate
CVE-2024-22207 was published for @fastify/swagger-ui (npm) Jan 16, 2024
knolleary
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24396 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
semver vulnerable to Regular Expression Denial of Service Moderate
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain G-Rath
Prototype Pollution in minimist Moderate
CVE-2020-7598 was published for minimist (npm) Apr 3, 2020
ayatweb
mongodb-client-encryption vulnerable to Improper Certificate Validation Moderate
CVE-2021-20327 was published for mongodb-client-encryption (npm) Apr 12, 2021
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
Unlimited transforms allowed for signed nodes Moderate
CVE-2021-39171 was published for passport-saml (npm) Aug 30, 2021
pp-ps
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API