GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,094 advisories
Cube API denial of service attack
Moderate | CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) | Dec 13, 2023

Password Change Vulnerability
Moderate | CVE-2023-49804 was published for uptime-kuma (npm) | Dec 12, 2023

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate | CVE-2023-49798 was published for @openzeppelin/contracts (npm) | Dec 12, 2023

Directory Traversal in evershop
Moderate | CVE-2023-46493 was published for @evershop/evershop (npm) | Dec 8, 2023

Cross Site Scripting in evershop
Moderate | CVE-2023-46494 was published for @evershop/evershop (npm) | Dec 8, 2023

Cross-site Scripting in evershop
Moderate | CVE-2023-46499 was published for @evershop/evershop (npm) | Dec 8, 2023

Directory Traversal in evershop
Moderate | CVE-2023-46497 was published for @evershop/evershop (npm) | Dec 8, 2023

Cross-site Scripting in evershop
Moderate | CVE-2023-46495 was published for @evershop/evershop (npm) | Dec 8, 2023

Directory Traversal in Gladys Assistant
Moderate | CVE-2023-47440 was published for gladys (npm) | Dec 7, 2023

pubnub Insufficient Entropy vulnerability
Moderate | CVE-2023-26154 was published for Pubnub (RubyGems) | Dec 6, 2023

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate | CVE-2023-49293 was published for vite (npm) | Dec 5, 2023

Logging of the firestore key within nodejs-firestore
Moderate | CVE-2023-6460 was published for @google-cloud/firestore (npm) | Dec 4, 2023

ASAR Integrity bypass via filetype confusion in electron
Moderate | CVE-2023-44402 was published for electron (npm) | Dec 1, 2023

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate | CVE-2023-48631 was published for @adobe/css-tools (npm) | Nov 30, 2023

Uptime Kuma Authenticated remote code execution via TailscalePing
Moderate | GHSA-hfxh-rjv7-2369 was published for uptime-kuma (npm) | Nov 27, 2023

Attribute Injection leading to XSS(Cross-Site-Scripting)
Moderate | CVE-2023-49276 was published for uptime-kuma (npm) | Nov 24, 2023

Possible user mocking that bypasses basic authentication
Moderate | CVE-2023-48309 was published for next-auth (npm) | Nov 20, 2023

Bypass of field access control in strapi-plugin-protected-populate
Moderate | CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) | Nov 20, 2023

@vendure/core's insecure currencyCode handling allows wrong payment amounts
Moderate | GHSA-wm63-7627-ch33 was published for @vendure/core (npm) | Nov 17, 2023

Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate | GHSA-hxjc-9j8v-v9pr was published for ckeditor4 (npm) | Nov 16, 2023 • withdrawn

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate | CVE-2023-48219 was published for TinyMCE (Composer) | Nov 15, 2023

DOMPurify Open Redirect vulnerability
Moderate | CVE-2019-25155 was published for dompurify (npm) | Nov 14, 2023

Cross-site Scripting in cesium
Moderate | CVE-2023-48094 was published for cesium (npm) | Nov 14, 2023 • withdrawn

Bootbox.js Cross Site Scripting vulnerability
Moderate | CVE-2023-46998 was published for bootbox (npm) | Nov 14, 2023

ProTip! Advisories are also available from the GraphQL API.