GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Moderate
CVE-2024-43373
was published
for
webcrack
(npm)
Aug 14, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Low
CVE-2024-41945
was published
for
@fuel-ts/account
(npm)
Jul 30, 2024
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
mysql2 cache poisoning vulnerability
Moderate
CVE-2024-21507
was published
for
mysql2
(npm)
Apr 10, 2024
Cache Poisoning Vulnerability
Moderate
CVE-2024-29042
was published
for
translate
(npm)
Mar 22, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
Cube API denial of service attack
Moderate
CVE-2023-50709
was published
for
@cubejs-backend/api-gateway
(npm)
Dec 13, 2023
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Moderate
CVE-2023-48631
was published
for
@adobe/css-tools
(npm)
Nov 30, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
Improper Input Validation in vriteio/vrite
Moderate
CVE-2023-5571
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Improper Input Validation in nocodb
Moderate
CVE-2023-5104
was published
for
nocodb
(npm)
Sep 21, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation
High
CVE-2023-38704
was published
for
import-in-the-middle
(npm)
Aug 8, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization
High
CVE-2023-26128
was published
for
keep-module-latest
(npm)
May 27, 2023
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
Invalid push request payload crashes Parse Server
Moderate
CVE-2023-32688
was published
for
parse-server-push-adapter
(npm)
May 22, 2023
GovernorCompatibilityBravo may trim proposal calldata
High
CVE-2023-30542
was published
for
@openzeppelin/contracts
(npm)
Apr 20, 2023
ProTip!
Advisories are also available from the
GraphQL API