GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
    All reviewed      5,000+
    Composer          4,198
    Erlang               31
    GitHub Actions       19
    Go                1,986
    Maven             5,000+
    npm               3,702
    NuGet               660
    pip               3,328
    Pub                  11
    RubyGems            883
    Rust                843
    Swift                36
Unreviewed advisories (all): 5,000+

156 advisories match the current view. The 24 listed below are the first page; every one of them is an advisory for an npm package rated Low severity.
thelounge may publicly disclose all usernames/idents via port 113
    Low | GHSA-g49q-jw42-6x85 | thelounge (npm) | published May 9, 2024

Firebase vulnerable to CSRF attack
    Low | CVE-2024-4128 | firebase-tools (npm) | published May 2, 2024

Enabling Authentication does not close all logged in socket connections immediately
    Low | GHSA-23q2-5gf8-gjpp | uptime-kuma (npm) | published Apr 19, 2024

Prototype pollution in emit function
    Low | GHSA-82jv-9wjw-pqh6 | derby (npm) | published Apr 17, 2024

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
    Low | CVE-2024-30261 | undici (npm) | published Apr 4, 2024

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
    Low | CVE-2024-30260 | undici (npm) | published Apr 4, 2024

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
    Low | GHSA-68c2-4mpx-qh95 | @sentry/react-native (npm) | published Mar 1, 2024

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
    Low | CVE-2024-27094 | @openzeppelin/contracts (npm) | published Feb 29, 2024

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
    Low | CVE-2024-27088 | es5-ext (npm) | published Feb 26, 2024

Undici proxy-authorization header not cleared on cross-origin redirect in fetch
    Low | CVE-2024-24758 | undici (npm) | published Feb 16, 2024

lambda-middleware Inefficient Regular Expression Complexity vulnerability
    Low | CVE-2021-4437 | @lambda-middleware/json-deserializer (npm) | published Feb 12, 2024

NPM IP package incorrectly identifies some private IP addresses as public
    Low | CVE-2023-42282 | ip (npm) | published Feb 8, 2024

Local File Inclusion vulnerability in zmarkdown
    Low | GHSA-mq6v-w35g-3c97 | zmarkdown (npm) | published Feb 3, 2024

google-translate-api-browser Server-Side Request Forgery (SSRF) vulnerability
    Low | CVE-2023-48711 | google-translate-api-browser (npm) | published Nov 27, 2023

Next.js missing cache-control header may lead to CDN caching empty reply
    Low | CVE-2023-46298 | next (npm) | published Oct 22, 2023

Undici's cookie header not cleared on cross-origin redirect in fetch
    Low | CVE-2023-45143 | undici (npm) | published Oct 16, 2023

Prevent logging invalid header values
    Low | GHSA-j5g3-5c8r-7qfx | @apollo/server (npm) | published Aug 30, 2023

Minimal `basti` IAM Policy Allows Shell Access
    Low | GHSA-q4pp-j36h-3gqg | basti-cdk (npm) | published Aug 24, 2023

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
    Low | CVE-2023-38700 | matrix-appservice-irc (npm) | published Aug 4, 2023

Vendure Cross Site Request Forgery vulnerability impacting all API requests
    Low | GHSA-h9wq-xcqx-mqxm | @vendure/core (npm) | published Jul 11, 2023

sweetalert2 v11.6.14 and above contains potentially undesirable behavior
    Low | GHSA-mrr8-v49w-3333 | sweetalert2 (npm) | published Jul 10, 2023

Stylelint has a vulnerability in its semver dependency
    Low | GHSA-f7xj-rg7h-mc87 | stylelint (npm) | published Jul 7, 2023 | withdrawn

Shescape potential environment variable exposure on Windows with CMD
    Low | CVE-2023-35931 | shescape (npm) | published Jun 22, 2023

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
    Low | GHSA-68jh-rf6x-836f | @apollo/server (npm) | published Jun 16, 2023
Advisories are also available from the GitHub GraphQL API.