Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,702
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,026 advisories

pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
MiguelCastillo @bit/loader Prototype Pollution issue Moderate
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue Moderate
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for trix (npm) May 7, 2024
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images Moderate
GHSA-mf74-qq7w-6j7v was published for remark-images-download (npm) Feb 3, 2024
gustavi
Konga is vulnerable to Cross Site Scripting (XSS) attacks Moderate
CVE-2024-34243 was published for kongadmin (npm) May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Vditor allows Cross-site Scripting via an attribute of an `A` element Moderate
CVE-2024-34449 was published for vditor (npm) May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
s3-url-parser vulnerable to Denial of Service via regexes component Moderate
CVE-2024-25355 was published for s3-url-parser (npm) May 1, 2024
statics-server Cross-site Scripting vulnerability Moderate
CVE-2018-3771 was published for statics-server (npm) May 13, 2022
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss Moderate
CVE-2023-36822 was published for uptime-kuma (npm) May 1, 2024
n-thumann
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
MediaElement Vulnerable to Reflected XSS Moderate
CVE-2016-4567 was published for contao-components/mediaelement (Composer) May 17, 2022
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags Moderate
CVE-2021-33295 was published for joplin (npm) Jun 17, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content Moderate
CVE-2018-1000534 was published for joplin (npm) May 14, 2022
Joplin vulnerable to Cross-site Scripting in notes Moderate
CVE-2021-37916 was published for joplin (npm) May 24, 2022
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
ProTip! Advisories are also available from the GraphQL API