Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Cache Poisoning Vulnerability Moderate
CVE-2024-29042 was published for translate (npm) Mar 22, 2024
PinkDraconian
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
VvvebJs Arbitrary File Upload vulnerability Moderate
CVE-2024-29272 was published for vvvebJs (npm) Mar 22, 2024
VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-29271 was published for vvvebjs (npm) Mar 22, 2024
Cross-site scripting in Survey Creator Moderate
CVE-2024-28635 was published for survey-creator (npm) Mar 21, 2024
follow-redirects' Proxy-Authorization header kept across hosts Moderate
CVE-2024-28849 was published for follow-redirects (npm) Mar 14, 2024
4xpl0r3r RDIL
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
soulseekah
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext Moderate
CVE-2024-28176 was published for jose (npm) Mar 7, 2024
P3ngu1nW panva
RSSHub vulnerable to Server-Side Request Forgery Moderate
CVE-2024-27927 was published for rsshub (npm) Mar 6, 2024
ouuan DIYgod
RSSHub Cross-site Scripting vulnerability caused by internal media proxy Moderate
CVE-2024-27926 was published for rsshub (npm) Mar 6, 2024
Ry0taK
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
Directus version number disclosure Moderate
CVE-2024-27296 was published for directus (npm) Mar 1, 2024
mongo-express Cross-site Request Forgery vulnerability Moderate
CVE-2023-52555 was published for mongo-express (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Ghost has possible Cross-site Scripting issue Moderate
CVE-2024-23724 was published for ghost (npm) Feb 11, 2024
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
CKEditor cross-site scripting vulnerability in AJAX sample Moderate
CVE-2023-4771 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature Moderate
CVE-2024-24816 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection Moderate
CVE-2024-24815 was published for ckeditor/ckeditor (Composer) Feb 7, 2024
Rudloff
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24396 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability Moderate
CVE-2024-24397 was published for stimulsoft-dashboards-js (npm) Feb 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database