Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,077 advisories

Loading
njwt Prototype Pollution vulnerability Moderate
CVE-2024-34273 was published for njwt (npm) May 16, 2024
Bostr Improper Authorization vulnerability Moderate
CVE-2024-41962 was published for bostr (npm) Aug 2, 2024
cxplay
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service Moderate
CVE-2022-35204 was published for vite (npm) Aug 19, 2022
dloetzke
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47623 was published for @scrypted/core (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47620 was published for @scrypted/server (npm) Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id Moderate
CVE-2024-36423 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id Moderate
CVE-2024-36422 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id Moderate
CVE-2024-37146 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id Moderate
CVE-2024-37145 was published for flowise (npm) Aug 5, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file Moderate
CVE-2024-6833 was published for @zowe/cli (npm) Jul 17, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
Directus GraphQL Field Duplication Denial of Service (DoS) Moderate
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Directus Blind SSRF On File Import Moderate
CVE-2024-39699 was published for @directus/api (npm) Jul 8, 2024
dmitrii-zalmanov
Directus incorrectly handles `_in` filter Moderate
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
ProTip! Advisories are also available from the GraphQL API