GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,458 advisories
Filter by severity
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
Withdrawn Advisory: Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
High
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
Lunary improper access control vulnerability
High
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
High
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
node-gettext vulnerable to Prototype Pollution
High
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Directus incorrectly handles `_in` filter
High
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
High
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
njwt Prototype Pollution vulnerability
High
CVE-2024-34273
was published
for
njwt
(npm)
May 16, 2024
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40829
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40830
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40831
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
kangax html-minifier REDoS vulnerability
High
CVE-2022-37620
was published
for
html-minifier
(npm)
Oct 31, 2022
lilconfig Code Injection vulnerability
High
CVE-2024-21537
was published
for
lilconfig
(npm)
Oct 31, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
git-commit-info vulnerable to Command Injection
High
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
ProTip!
Advisories are also available from the
GraphQL API