GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,509 advisories
Filter by severity
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
thelounge may publicly disclose of all usernames/idents via port 113
Low
GHSA-g49q-jw42-6x85
was published
for
thelounge
(npm)
May 9, 2024
Next.js Server-Side Request Forgery in Server Actions
High
CVE-2024-34351
was published
for
next
(npm)
May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
High
CVE-2024-4367
was published
for
pdfjs-dist
(npm)
May 7, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate
CVE-2024-34449
was published
for
vditor
(npm)
May 3, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
High
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
Firebase vulnerable to CRSF attack
Low
CVE-2024-4128
was published
for
firebase-tools
(npm)
May 2, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
Moderate
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
High
CVE-2024-32866
was published
for
@conform-to/dom
(npm)
Apr 23, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Moderate
GHSA-rqgv-292v-5qgr
was published
for
renovate
(npm)
Apr 23, 2024
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
MySQL2 for Node Arbitrary Code Injection
Critical
CVE-2024-21511
was published
for
mysql2
(npm)
Apr 23, 2024
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
ProTip!
Advisories are also available from the
GraphQL API