GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,597 advisories
Directus GraphQL Field Duplication Denial of Service (DoS)
High
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Directus incorrectly handles `_in` filter
High
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
jrburke requirejs vulnerable to prototype pollution
High
CVE-2024-38999
was published
for
requirejs
(npm)
Jul 1, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function
High
CVE-2024-38996
was published
for
ag-grid-community
(npm)
Jul 1, 2024
ws affected by a DoS when handling a request with many HTTP headers
High
CVE-2024-37890
was published
for
ws
(npm)
Jun 17, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478
was published
for
lunary
(npm)
Jun 6, 2024
•
withdrawn
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
ProTip!
Advisories are also available from the
GraphQL API