GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
975 advisories
Filter by severity
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Uncontrolled resource consumption in braces
High
CVE-2024-4068
was published
for
braces
(npm)
May 14, 2024
Regular Expression Denial of Service (ReDoS) in micromatch
Moderate
CVE-2024-4067
was published
for
micromatch
(npm)
May 14, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
High
CVE-2024-4367
was published
for
pdfjs-dist
(npm)
May 7, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
Firebase vulnerable to CRSF attack
Low
CVE-2024-4128
was published
for
firebase-tools
(npm)
May 2, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
Matrix IRC Bridge truncated content of messages can be leaked
Moderate
CVE-2024-32000
was published
for
matrix-appservice-irc
(npm)
Apr 11, 2024
PsiTransfer: File integrity violation
Moderate
CVE-2024-31454
was published
for
psitransfer
(npm)
Apr 5, 2024
PsiTransfer: Violation of the integrity of file distribution
Moderate
CVE-2024-31453
was published
for
psitransfer
(npm)
Apr 5, 2024
dectalk-tts Uses Unencrypted HTTP Request
High
CVE-2024-31206
was published
for
dectalk-tts
(npm)
Apr 4, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
ProTip!
Advisories are also available from the
GraphQL API