GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,929
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,459 advisories
Filter by severity
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
High
CVE-2024-32652
was published
for
@hono/node-server
(npm)
Apr 19, 2024
Enabling Authentication does not close all logged in socket connections immediately
Low
GHSA-23q2-5gf8-gjpp
was published
for
uptime-kuma
(npm)
Apr 19, 2024
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
High
CVE-2024-30564
was published
for
@andrei-tatar/nora-firebase-common
(npm)
Apr 18, 2024
Prototype pollution in emit function
Low
GHSA-82jv-9wjw-pqh6
was published
for
derby
(npm)
Apr 17, 2024
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Moderate
CVE-2024-32472
was published
for
@excalidraw/excalidraw
(npm)
Apr 17, 2024
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
High
CVE-2024-30253
was published
for
@solana/web3.js
(npm)
Apr 17, 2024
AWS Amplify CLI has incorrect trust policy management
High
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
phin may include sensitive headers in subsequent requests after redirect
Moderate
GHSA-x565-32qp-m3vf
was published
for
phin
(npm)
Apr 11, 2024
Matrix IRC Bridge truncated content of messages can be leaked
Moderate
CVE-2024-32000
was published
for
matrix-appservice-irc
(npm)
Apr 11, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical
CVE-2024-21508
was published
for
mysql2
(npm)
Apr 11, 2024
Summernote vulnerable to cross-site scripting
Moderate
CVE-2024-29504
was published
for
summernote
(npm)
Apr 11, 2024
zcap has incomplete expiration checks in capability chains.
Moderate
CVE-2024-31995
was published
for
@digitalbazaar/zcap
(npm)
Apr 10, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
mysql2 cache poisoning vulnerability
Moderate
CVE-2024-21507
was published
for
mysql2
(npm)
Apr 10, 2024
mysql2 vulnerable to Prototype Poisoning
Moderate
CVE-2024-21509
was published
for
mysql2
(npm)
Apr 10, 2024
React Native Sms User Consent Intent Redirection Vulnerability
Moderate
CVE-2021-4438
was published
for
@kyivstarteam/react-native-sms-user-consent
(npm)
Apr 7, 2024
PsiTransfer: File integrity violation
Moderate
CVE-2024-31454
was published
for
psitransfer
(npm)
Apr 5, 2024
PsiTransfer: Violation of the integrity of file distribution
Moderate
CVE-2024-31453
was published
for
psitransfer
(npm)
Apr 5, 2024
SheetJS Regular Expression Denial of Service (ReDoS)
High
CVE-2024-22363
was published
for
xlsx
(npm)
Apr 5, 2024
dectalk-tts Uses Unencrypted HTTP Request
High
CVE-2024-31206
was published
for
dectalk-tts
(npm)
Apr 4, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
ProTip!
Advisories are also available from the
GraphQL API