Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,077 advisories

Loading
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
ReDoS in urlregex Moderate
CVE-2020-36830 was published for urlregex (npm) Sep 2, 2024
Svelte has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-45047 was published for svelte (npm) Aug 30, 2024
arkark
Directus has an insecure object reference via PATH presets Moderate
GHSA-3fff-gqw3-vj86 was published for directus (npm) Aug 27, 2024
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template Moderate
CVE-2024-45037 was published for aws-cdk (npm) Aug 27, 2024
t0bst4r
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS Moderate
CVE-2024-43788 was published for webpack (npm) Aug 27, 2024
jackfromeast ishmeals
mhassan1
Hono CSRF middleware can be bypassed using crafted Content-Type header Moderate
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2024-43407 was published for ckeditor4 (npm) Aug 21, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor Moderate
CVE-2024-42369 was published for matrix-js-sdk (npm) Aug 20, 2024
morguldir
Improper access control in Directus Moderate
CVE-2024-6534 was published for directus (npm) Aug 15, 2024
Code injection in Directus Moderate
CVE-2024-6533 was published for directus (npm) Aug 15, 2024
Trix has a cross-site Scripting vulnerability on copy & paste Moderate
CVE-2024-43368 was published for trix (npm) Aug 14, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-41677 was published for @builder.io/qwik (npm) Aug 6, 2024
arkark
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver Moderate
CVE-2024-42347 was published for matrix-react-sdk (npm) Aug 6, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id Moderate
CVE-2024-36423 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id Moderate
CVE-2024-36422 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id Moderate
CVE-2024-37146 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id Moderate
CVE-2024-37145 was published for flowise (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47623 was published for @scrypted/core (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47620 was published for @scrypted/server (npm) Aug 5, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
Bostr Improper Authorization vulnerability Moderate
CVE-2024-41962 was published for bostr (npm) Aug 2, 2024
cxplay
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) Moderate
CVE-2024-6783 was published for vue-template-compiler (npm) Jul 23, 2024
sdesalas
ProTip! Advisories are also available from the GraphQL API