GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,427 advisories

path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip

@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung

Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024

Prototype pollution in ag-grid-community via the _.mergeDeep function High
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev

Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett

@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom

ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm

EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024

Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024

domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024

Flowise Unauthenticated Denial of Service (DoS) vulnerability High
CVE-2024-8182 was published for flowise (npm) Aug 27, 2024

Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries High
CVE-2024-43414 was published for @apollo/gateway (npm) Aug 27, 2024

unzip-stream allows Arbitrary File Write via artifact extraction High
GHSA-6jrj-vc65-c983 was published for unzip-stream (npm) Aug 26, 2024

@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
Prag1974

squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
MiguelCastillo

@bit/loader Prototype Pollution issue High
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024

React Native Document Picker Directory Traversal vulnerability High
CVE-2024-25466 was published for react-native-document-picker (npm) Feb 16, 2024
vonovak

gettext.js has a Cross-site Scripting injection High
CVE-2024-43370 was published for gettext.js (npm) Aug 15, 2024
mcoimbra filipeom

Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024

Server-Side Request Forgery in axios High
CVE-2024-39338 was published for axios (npm) Aug 12, 2024
levpachmanov

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar thenameisajay
dloetzke

audify vulnerable to Improper Validation of Array Index High
CVE-2024-21522 was published for audify (npm) Jul 10, 2024

node-twain vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-21525 was published for node-twain (npm) Jul 10, 2024

Next.js Denial of Service (DoS) condition High
CVE-2024-39693 was published for next (npm) Jul 10, 2024