GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,654 advisories
Filter by severity
Prototype pollution in izatop bunt
Critical
CVE-2024-38989
was published
for
@bunt/app
(npm)
Aug 12, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-41677
was published
for
@builder.io/qwik
(npm)
Aug 6, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id
Moderate
CVE-2024-37146
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Moderate
CVE-2024-36423
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id
Moderate
CVE-2024-36422
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Moderate
CVE-2024-37145
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Path Injection at /api/v1/openai-assistants-file
High
CVE-2024-36420
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47620
was published
for
@scrypted/server
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47623
was published
for
@scrypted/core
(npm)
Aug 5, 2024
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
High
CVE-2024-42352
was published
for
@nuxt/icon
(npm)
Aug 5, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
High
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Moderate
CVE-2024-34343
was published
for
nuxt
(npm)
Aug 5, 2024
Nuxt Devtools has a Path Traversal: '../filedir'
High
CVE-2024-23657
was published
for
@nuxt/devtools
(npm)
Aug 5, 2024
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-39713
was published
for
rocket.chat
(npm)
Aug 5, 2024
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low
CVE-2024-42460
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
Bostr Improper Authorization vulnerability
Moderate
CVE-2024-41962
was published
for
bostr
(npm)
Aug 2, 2024
@75lb/deep-merge Prototype Pollution vulnerability
High
CVE-2024-38986
was published
for
@75lb/deep-merge
(npm)
Jul 30, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Low
CVE-2024-41945
was published
for
@fuel-ts/account
(npm)
Jul 30, 2024
ProTip!
Advisories are also available from the
GraphQL API