GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Moderate
CVE-2024-28239
was published
for
directus
(npm)
Mar 12, 2024
RSSHub vulnerable to Server-Side Request Forgery
Moderate
CVE-2024-27927
was published
for
rsshub
(npm)
Mar 6, 2024
Directus version number disclosure
Moderate
CVE-2024-27296
was published
for
directus
(npm)
Mar 1, 2024
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Moderate
GHSA-mf74-qq7w-6j7v
was published
for
remark-images-download
(npm)
Feb 3, 2024
Arbitrary remote file read in Wrangler dev server
Moderate
CVE-2023-7079
was published
for
wrangler
(npm)
Jan 3, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate
CVE-2023-49293
was published
for
vite
(npm)
Dec 5, 2023
Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate
GHSA-hxjc-9j8v-v9pr
was published
for
ckeditor4
(npm)
Nov 16, 2023
•
withdrawn
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
chromedriver Command Injection vulnerability
Moderate
CVE-2023-26156
was published
for
chromedriver
(npm)
Nov 9, 2023
cordova-plugin-fingerprint-aio DoS vulnerability
Moderate
CVE-2021-43849
was published
for
cordova-plugin-fingerprint-aio
(npm)
Nov 2, 2023
TinyMCE XSS vulnerability in notificationManager.open API
Moderate
CVE-2023-45819
was published
for
TinyMCE
(Composer)
Oct 19, 2023
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate
CVE-2023-45818
was published
for
TinyMCE
(Composer)
Oct 19, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Moderate
CVE-2023-41167
was published
for
@webiny/react-rich-text-renderer
(npm)
Aug 24, 2023
Svelecte item names vulnerable to execution of arbitrary JavaScript
Moderate
CVE-2023-38687
was published
for
svelecte
(npm)
Aug 14, 2023
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
Moderate
CVE-2023-38691
was published
for
matrix-appservice-bridge
(npm)
Aug 4, 2023
.eth registrar controller can shorten the duration of registered names
Moderate
CVE-2023-38698
was published
for
@ensdomains/ens-contracts
(npm)
Aug 1, 2023
ProTip!
Advisories are also available from the
GraphQL API