Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,658
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,939
npm
3,471
NuGet
603
pip
2,986
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,472 advisories

kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js High
CVE-2024-34342 was published for react-pdf (npm) May 7, 2024
calixteman ThomasRinsma
wojtekmaj
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for trix (npm) May 7, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Konga is vulnerable to Cross Site Scripting (XSS) attacks Moderate
CVE-2024-34243 was published for kongadmin (npm) May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
Blackprint @blackprint/engine Prototype Pollution issue Moderate
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
MiguelCastillo @bit/loader Prototype Pollution issue Moderate
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
json-schema-ref-parser Prototype Pollution issue High
CVE-2024-29651 was published for @apidevtools/json-schema-ref-parser (npm) May 20, 2024
@fastify/session reuses destroyed session cookie High
CVE-2024-35220 was published for @fastify/session (npm) May 21, 2024
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
ProTip! Advisories are also available from the GraphQL API