GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,494 advisories
Filter by severity
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Moderate
CVE-2024-31217
was published
for
@strapi/plugin-upload
(npm)
Jun 12, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
SummerNote Cross Site Scripting Vulnerability
Moderate
CVE-2024-37629
was published
for
summernote
(npm)
Jun 12, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Moderate
CVE-2024-37168
was published
for
@grpc/grpc-js
(npm)
Jun 10, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Moderate
CVE-2024-37169
was published
for
@jmondi/url-to-png
(npm)
Jun 5, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
Moderate
CVE-2022-25037
was published
for
@wangeditor/editor
(npm)
May 31, 2024
mysql2 vulnerable to Prototype Pollution
High
CVE-2024-21512
was published
for
mysql2
(npm)
May 30, 2024
vxe-table Cross-site Scripting vulnerability
Low
CVE-2023-1001
was published
for
vxe-table
(npm)
May 24, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
High
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
MiguelCastillo @bit/loader Prototype Pollution issue
Moderate
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
json-schema-ref-parser Prototype Pollution issue
High
CVE-2024-29651
was published
for
@apidevtools/json-schema-ref-parser
(npm)
May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Moderate
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
ProTip!
Advisories are also available from the
GraphQL API