Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,518 advisories

Loading
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza
ag-grid-community were discovered to contain a prototype pollution via the _.mergeDeep function Critical
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults Moderate
CVE-2024-38997 was published for @adolph_dudu/ratio-swiper (npm) Jul 1, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend High
CVE-2024-38994 was published for @amoy/common (npm) Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView High
CVE-2024-38992 was published for @airvertco/frappejs (npm) Jul 1, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto High
CVE-2024-38991 was published for @akbr/patch-into (npm) Jul 1, 2024
@fastly/js-compute has a use-after-free in some host call implementations Moderate
CVE-2024-38375 was published for @fastly/js-compute (npm) Jun 26, 2024
elliottt
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
ws affected by a DoS when handling a request with many HTTP headers High
CVE-2024-37890 was published for ws (npm) Jun 17, 2024
rrlapointe
@akbr/update Prototype Pollution Moderate
CVE-2024-36578 was published for @akbr/update (npm) Jun 17, 2024
obx Prototype Pollution Moderate
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Object Resolver Prototype Pollution High
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
object-deep-assign Prototype Pollution Moderate
CVE-2024-36582 was published for @alexbinary/object-deep-assign (npm) Jun 17, 2024
Badger Database Prototype Pollution Moderate
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
@cdr0/sg Prototype Pollution Moderate
CVE-2024-36580 was published for @cdr0/sg (npm) Jun 17, 2024
Mattermost Desktop App Remote Code Execution Moderate
CVE-2024-37182 was published for mattermost-desktop (npm) Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS Low
CVE-2024-36287 was published for mattermost-desktop (npm) Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API