GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,740 advisories
Filter by severity
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled
High
CVE-2024-56159
was published
for
astro
(npm)
Dec 19, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
Prototype pollution in jsii.configureCategories
Low
GHSA-m56h-5xx3-2jc2
was published
for
jsii
(npm)
Dec 18, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Avenwu Whistle Cross-Site Request Forgery (CSRF)
High
CVE-2024-55500
was published
for
whistle
(npm)
Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Trix editor subject to XSS vulnerabilities on copy & paste
Moderate
CVE-2024-53847
was published
for
trix
(npm)
Dec 9, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
Prototype Pollution in the merge and clone helper methods
Moderate
CVE-2021-39227
was published
for
zrender
(npm)
Sep 20, 2021
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API