GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,716 advisories
Filter by severity
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
Nunjucks autoescape bypass leads to cross site scripting
Moderate
CVE-2023-2142
was published
for
nunjucks
(npm)
Apr 20, 2023
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
Moderate
CVE-2024-53843
was published
for
@dapperduckling/keycloak-connector-server
(npm)
Nov 26, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload
Low
CVE-2024-47171
was published
for
agnai
(npm)
Sep 26, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Low
CVE-2024-47170
was published
for
agnai
(npm)
Sep 26, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
@sveltejs/kit vulnerable to on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Critical
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
Cross-site scripting in bootstrap-select
Moderate
CVE-2019-20921
was published
for
bootstrap-select
(npm)
May 7, 2021
Withdrawn Advisory: Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Moderate
CVE-2024-5389
was published
for
lunary
(npm)
Jun 10, 2024
•
withdrawn
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Moderate
CVE-2018-16982
was published
for
opencc
(npm)
May 14, 2022
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8372
was published
for
angular
(npm)
Sep 9, 2024
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Moderate
CVE-2024-6485
was published
for
bootstrap
(npm)
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API