GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,115 advisories
Filter by severity
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
Moderate
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability
Moderate
CVE-2024-39613
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Lunary improper access control vulnerability
Moderate
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
Lunary information disclosure vulnerability
Moderate
CVE-2024-6867
was published
for
lunary
(npm)
Sep 13, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-6862
was published
for
lunary
(npm)
Sep 13, 2024
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
whatsapp-api-js fails to validate message's signature
Moderate
CVE-2024-45607
was published
for
whatsapp-api-js
(npm)
Sep 12, 2024
send vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Moderate
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
node-gettext vulnerable to Prototype Pollution
Moderate
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS)
Moderate
CVE-2024-45389
was published
for
@pagefind/default-ui
(npm)
Sep 3, 2024
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-45047
was published
for
svelte
(npm)
Aug 30, 2024
Directus has an insecure object reference via PATH presets
Moderate
GHSA-3fff-gqw3-vj86
was published
for
directus
(npm)
Aug 27, 2024
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
Moderate
CVE-2024-45037
was published
for
aws-cdk
(npm)
Aug 27, 2024
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Moderate
CVE-2024-43788
was published
for
webpack
(npm)
Aug 27, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Moderate
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor4
(npm)
Aug 21, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
ProTip!
Advisories are also available from the
GraphQL API