GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,654 advisories
Filter by severity
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Moderate
CVE-2024-6783
was published
for
vue-template-compiler
(npm)
Jul 23, 2024
(ReDoS) Regular Expression Denial of Service in tf2-item-format
High
CVE-2024-41655
was published
for
tf2-item-format
(npm)
Jul 23, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Moderate
CVE-2024-6833
was published
for
@zowe/cli
(npm)
Jul 17, 2024
Plate media plugins has a XSS in media embed element when using custom URL parsers
High
CVE-2024-40631
was published
for
@udecode/plate-media
(npm)
Jul 15, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
speaker vulnerable to Denial of Service
High
CVE-2024-21526
was published
for
speaker
(npm)
Jul 10, 2024
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-21525
was published
for
node-twain
(npm)
Jul 10, 2024
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
audify vulnerable to Improper Validation of Array Index
High
CVE-2024-21522
was published
for
audify
(npm)
Jul 10, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Directus incorrectly handles `_in` filter
Moderate
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Server Side Request Forgery (SSRF) attack in Fedify
High
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API