Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,510 advisories

Loading
obx Prototype Pollution Moderate
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
@akbr/update Prototype Pollution Moderate
CVE-2024-36578 was published for @akbr/update (npm) Jun 17, 2024
ws affected by a DoS when handling a request with many HTTP headers High
CVE-2024-37890 was published for ws (npm) Jun 17, 2024
rrlapointe
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
@fastly/js-compute has a use-after-free in some host call implementations Moderate
CVE-2024-38375 was published for @fastly/js-compute (npm) Jun 26, 2024
elliottt
ProTip! Advisories are also available from the GraphQL API