Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
Sails before 0.12.7 vulnerable to Broken CORS High
CVE-2016-10549 was published for sails (npm) Feb 18, 2019
ghost vulnerable to unauthorized newsletter modification via improper access controls High
CVE-2022-41654 was published for ghost (npm) Nov 28, 2022
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Budibase Improper Access Control vulnerability Moderate
CVE-2022-3225 was published for @budibase/bbui (npm) Sep 17, 2022
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id Moderate
CVE-2023-35167 was published for remult (npm) Jun 20, 2023
ChrisRimmer
pnpm incorrectly parses tar archives relative to specification High
CVE-2023-37478 was published for @pnpm/cafs (npm) Aug 1, 2023
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
@lobehub/chat vulnerable to unauthorized access to plugins Moderate
CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024
dastaj
Vite's `server.fs.deny` did not deny requests for patterns with directories. Moderate
CVE-2024-31207 was published for vite (npm) Apr 3, 2024
jtmcdole
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect Low
CVE-2024-30261 was published for undici (npm) Apr 4, 2024
Uzlopak
rejetto HFS vulnerable to OS Command Execution by remote authenticated users Critical
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Directus incorrectly handles `_in` filter Moderate
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Lunary improper access control vulnerability Moderate
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Low
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
Directus vulnerable to SSRF Loopback IP filter bypass Moderate
CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
r3dpower
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database