GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,045 advisories
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Moderate
CVE-2023-40027
was published
for
@keystone-6/core
(npm)
Aug 15, 2023
Svelecte item names vulnerable to execution of arbitrary JavaScript
Moderate
CVE-2023-38687
was published
for
svelecte
(npm)
Aug 14, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Moderate
CVE-2023-38695
was published
for
@simonsmith/cypress-image-snapshot
(npm)
Aug 1, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate
CVE-2023-38503
was published
for
directus
(npm)
Jul 25, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Moderate
CVE-2023-37905
was published
for
ckeditor-wordcount-plugin
(npm)
Jul 10, 2023
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
Moderate
GHSA-gm68-572p-q28r
was published
for
@vendure/admin-ui-plugin
(npm)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API