GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,098 advisories

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate • GHSA-q5pp-5q2h-g8rv was published for tinymce (npm) • Jan 3, 2024 • withdrawn

Follow Redirects improperly handles URLs in the url.parse() function
Moderate • CVE-2023-26159 was published for follow-redirects (npm) • Jan 2, 2024

Layui cross-site scripting (XSS) vulnerability
Moderate • CVE-2023-50550 was published for layui (npm) • Dec 30, 2023

blinksocks has weak encryption algorithms
Moderate • CVE-2023-50481 was published for blinksocks (npm) • Dec 21, 2023

Named path parameters can be overridden in TrieRouter
Moderate • CVE-2023-50710 was published for hono (npm) • Dec 15, 2023

Cube API denial of service attack
Moderate • CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) • Dec 13, 2023

Password Change Vulnerability
Moderate • CVE-2023-49804 was published for uptime-kuma (npm) • Dec 12, 2023

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate • CVE-2023-49798 was published for @openzeppelin/contracts (npm) • Dec 12, 2023

Directory Traversal in evershop
Moderate • CVE-2023-46493 was published for @evershop/evershop (npm) • Dec 8, 2023

Cross-site Scripting in evershop
Moderate • CVE-2023-46499 was published for @evershop/evershop (npm) • Dec 8, 2023

Cross Site Scripting in evershop
Moderate • CVE-2023-46494 was published for @evershop/evershop (npm) • Dec 8, 2023

Cross-site Scripting in evershop
Moderate • CVE-2023-46495 was published for @evershop/evershop (npm) • Dec 8, 2023

Directory Traversal in evershop
Moderate • CVE-2023-46497 was published for @evershop/evershop (npm) • Dec 8, 2023

Directory Traversal in Gladys Assistant
Moderate • CVE-2023-47440 was published for gladys (npm) • Dec 7, 2023

pubnub Insufficient Entropy vulnerability
Moderate • CVE-2023-26154 was published for Pubnub (RubyGems) • Dec 6, 2023

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate • CVE-2023-49293 was published for vite (npm) • Dec 5, 2023

Logging of the firestore key within nodejs-firestore
Moderate • CVE-2023-6460 was published for @google-cloud/firestore (npm) • Dec 4, 2023

ASAR Integrity bypass via filetype confusion in electron
Moderate • CVE-2023-44402 was published for electron (npm) • Dec 1, 2023

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate • CVE-2023-48631 was published for @adobe/css-tools (npm) • Nov 30, 2023

Uptime Kuma Authenticated remote code execution via TailscalePing
Moderate • GHSA-hfxh-rjv7-2369 was published for uptime-kuma (npm) • Nov 27, 2023

Attribute Injection leading to XSS(Cross-Site-Scripting)
Moderate • CVE-2023-49276 was published for uptime-kuma (npm) • Nov 24, 2023

Possible user mocking that bypasses basic authentication
Moderate • CVE-2023-48309 was published for next-auth (npm) • Nov 20, 2023

Bypass of field access control in strapi-plugin-protected-populate
Moderate • CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) • Nov 20, 2023

@vendure/core's insecure currencyCode handling allows wrong payment amounts
Moderate • GHSA-wm63-7627-ch33 was published for @vendure/core (npm) • Nov 17, 2023

ProTip! Advisories are also available from the GraphQL API.