GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,438 advisories
Filter by severity
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
Flowise vulnerable to code injection via api/v1
High
CVE-2024-31621
was published
for
flowise
(npm)
Apr 29, 2024
Plate media plugins has a XSS in media embed element when using custom URL parsers
High
CVE-2024-40631
was published
for
@udecode/plate-media
(npm)
Jul 15, 2024
jrburke requirejs vulnerable to prototype pollution
High
CVE-2024-38999
was published
for
requirejs
(npm)
Jul 1, 2024
ws affected by a DoS when handling a request with many HTTP headers
High
CVE-2024-37890
was published
for
ws
(npm)
Jun 17, 2024
Flowise Path Injection at /api/v1/openai-assistants-file
High
CVE-2024-36420
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
High
CVE-2024-42352
was published
for
@nuxt/icon
(npm)
Aug 5, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
High
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
@75lb/deep-merge Prototype Pollution vulnerability
High
CVE-2024-38986
was published
for
@75lb/deep-merge
(npm)
Jul 30, 2024
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
Server Side Request Forgery (SSRF) attack in Fedify
High
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
socket.io has an unhandled 'error' event
High
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
robinweser fast-loops vulnerable to prototype pollution
High
CVE-2024-39008
was published
for
fast-loops
(npm)
Jul 1, 2024
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-21525
was published
for
node-twain
(npm)
Jul 10, 2024
audify vulnerable to Improper Validation of Array Index
High
CVE-2024-21522
was published
for
audify
(npm)
Jul 10, 2024
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
ProTip!
Advisories are also available from the
GraphQL API