GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Cross site scripting in markdown-to-jsx
Moderate
CVE-2024-21535
was published
for
markdown-to-jsx
(npm)
Oct 15, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Cross-site scripting (XSS) in the clipboard package
Moderate
CVE-2024-45613
was published
for
@ckeditor/ckeditor5-clipboard
(npm)
Sep 25, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
CVE-2024-47066
was published
for
@lobehub/chat
(npm)
Sep 23, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
Moderate
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-45047
was published
for
svelte
(npm)
Aug 30, 2024
Directus has an insecure object reference via PATH presets
Moderate
GHSA-3fff-gqw3-vj86
was published
for
directus
(npm)
Aug 27, 2024
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor4
(npm)
Aug 21, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Trix has a cross-site Scripting vulnerability on copy & paste
Moderate
CVE-2024-43368
was published
for
trix
(npm)
Aug 14, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Regular Expression Denial of Service (ReDoS) in micromatch
Moderate
CVE-2024-4067
was published
for
micromatch
(npm)
May 14, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
Matrix IRC Bridge truncated content of messages can be leaked
Moderate
CVE-2024-32000
was published
for
matrix-appservice-irc
(npm)
Apr 11, 2024
PsiTransfer: File integrity violation
Moderate
CVE-2024-31454
was published
for
psitransfer
(npm)
Apr 5, 2024
PsiTransfer: Violation of the integrity of file distribution
Moderate
CVE-2024-31453
was published
for
psitransfer
(npm)
Apr 5, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
ProTip!
Advisories are also available from the
GraphQL API