GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,127 advisories
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Low
CVE-2025-23206
was published
for
aws-cdk-lib
(npm)
Jan 17, 2025
Potential DoS when using ContextLines integration
Low
GHSA-r5w7-f542-q2j4
was published
for
@sentry/astro
(npm)
Jan 28, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24361
was published
for
@nuxt/rspack-builder
(npm)
Jan 27, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24360
was published
for
@nuxt/vite-builder
(npm)
Jan 27, 2025
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
@sveltejs/kit vulnerable to XSS on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
Use of Insufficiently Random Values in undici
Moderate
CVE-2025-22150
was published
for
undici
(npm)
Jan 21, 2025
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate
CVE-2025-24012
was published
for
@umbraco-cms/backoffice
(npm)
Jan 21, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate
CVE-2025-23221
was published
for
@fedify/fedify
(npm)
Jan 21, 2025
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
Mongoose search injection vulnerability
Critical
CVE-2025-23061
was published
for
mongoose
(npm)
Jan 15, 2025
ipip downloads Resources over HTTP
Moderate
CVE-2016-10594
was published
for
ipip
(npm)
Feb 18, 2019
Lodestar snappy checksum issue
Low
GHSA-m9c9-mc2h-9wjw
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
Lodestar snappy decompression issue
Low
GHSA-53rv-hcvm-rpp9
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
ProTip!
Advisories are also available from the
GraphQL API