GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,929
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,459 advisories
Filter by severity
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
thelounge may publicly disclose of all usernames/idents via port 113
Low
GHSA-g49q-jw42-6x85
was published
for
thelounge
(npm)
May 9, 2024
Next.js Server-Side Request Forgery in Server Actions
High
CVE-2024-34351
was published
for
next
(npm)
May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
CVE-2024-34347
was published
for
@hoppscotch/cli
(npm)
Apr 22, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
trix
(npm)
May 7, 2024
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
High
CVE-2024-4367
was published
for
pdfjs-dist
(npm)
May 7, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate
CVE-2024-34449
was published
for
vditor
(npm)
May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
Server-Side Template Injection in formio
Critical
CVE-2020-28246
was published
for
formio
(npm)
Jun 3, 2022
Firebase vulnerable to CRSF attack
Low
CVE-2024-4128
was published
for
firebase-tools
(npm)
May 2, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
High
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
Moderate
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
statics-server Cross-site Scripting vulnerability
Moderate
CVE-2018-3771
was published
for
statics-server
(npm)
May 13, 2022
Formidable arbitrary file upload
Critical
CVE-2022-29622
was published
for
formidable
(npm)
May 17, 2022
•
withdrawn
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
ProTip!
Advisories are also available from the
GraphQL API