GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,464 advisories
Filter by severity
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
Avenwu Whistle Cross-Site Request Forgery (CSRF)
High
CVE-2024-55500
was published
for
whistle
(npm)
Dec 10, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
Withdrawn Advisory: Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
High
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
Lunary improper access control vulnerability
High
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
High
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
node-gettext vulnerable to Prototype Pollution
High
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
Directus incorrectly handles `_in` filter
High
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
High
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
njwt Prototype Pollution vulnerability
High
CVE-2024-34273
was published
for
njwt
(npm)
May 16, 2024
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40829
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40830
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40831
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
ProTip!
Advisories are also available from the
GraphQL API