GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,702
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,026 advisories
Filter by severity
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
MiguelCastillo @bit/loader Prototype Pollution issue
Moderate
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Moderate
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
trix
(npm)
May 7, 2024
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Moderate
GHSA-mf74-qq7w-6j7v
was published
for
remark-images-download
(npm)
Feb 3, 2024
Konga is vulnerable to Cross Site Scripting (XSS) attacks
Moderate
CVE-2024-34243
was published
for
kongadmin
(npm)
May 14, 2024
Oceanic allows unsanitized user input to lead to path traversal in URLs
Moderate
CVE-2024-34712
was published
for
oceanic.js
(npm)
May 14, 2024
Directus Lacks Session Tokens Invalidation
Moderate
CVE-2024-34709
was published
for
directus
(npm)
May 13, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate
CVE-2024-34708
was published
for
directus
(npm)
May 13, 2024
NocoDB SQL Injection vulnerability
Moderate
CVE-2023-50718
was published
for
nocodb
(npm)
May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate
CVE-2023-50717
was published
for
nocodb
(npm)
May 13, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate
CVE-2024-34449
was published
for
vditor
(npm)
May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate
CVE-2024-34075
was published
for
kurwov
(npm)
May 3, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
Moderate
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
statics-server Cross-site Scripting vulnerability
Moderate
CVE-2018-3771
was published
for
statics-server
(npm)
May 13, 2022
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Moderate
CVE-2023-36822
was published
for
uptime-kuma
(npm)
May 1, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
MediaElement Vulnerable to Reflected XSS
Moderate
CVE-2016-4567
was published
for
contao-components/mediaelement
(Composer)
May 17, 2022
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Moderate
CVE-2024-32869
was published
for
hono
(npm)
Apr 23, 2024
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Moderate
CVE-2021-33295
was published
for
joplin
(npm)
Jun 17, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content
Moderate
CVE-2018-1000534
was published
for
joplin
(npm)
May 14, 2022
Joplin vulnerable to Cross-site Scripting in notes
Moderate
CVE-2021-37916
was published
for
joplin
(npm)
May 24, 2022
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Moderate
GHSA-rqgv-292v-5qgr
was published
for
renovate
(npm)
Apr 23, 2024
ProTip!
Advisories are also available from the
GraphQL API