Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,929
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

946 advisories

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing Critical
CVE-2024-32962 was published for xml-crypto (npm) May 1, 2024
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
HTTP Handling Vulnerability in the Bare server Critical
CVE-2024-27922 was published for @tomphttp/bare-server-node (npm) Mar 5, 2024
hackermondev
JSONata expression can pollute the "Object" prototype Critical
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
AlbertSPedersen
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection Critical
CVE-2024-27298 was published for parse-server (npm) Mar 1, 2024
mtrezza EhsanParsania
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
Stimulsoft Dashboard.JS directory traversal vulnerability Critical
CVE-2024-24398 was published for stimulsoft-dashboards-js (npm) Feb 6, 2024
Ylianst MeshCentral Missing SSL Certificate Validation Critical
CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024
DeviceFarmer stf uses DES-ECB Critical
CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
Arbitrary remote code execution within `wrangler dev` Workers sandbox Critical
CVE-2023-7080 was published for wrangler (npm) Jan 3, 2024
Lekensteyn
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
Cross-site Scripting in @spscommerce/ds-react Critical
GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) Dec 15, 2023
shramko82 knedev42
jimthedev
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Code execution in evershop Critical
CVE-2023-46498 was published for @evershop/evershop (npm) Dec 8, 2023
openssl npm package vulnerable to command execution Critical
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
ProTip! Advisories are also available from the GraphQL API