Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
@sveltejs/kit vulnerable to on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg eltigerchino
benmccann
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk SuperMaxine
MikuroXina
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
@langchain/community SQL Injection vulnerability Low
CVE-2024-7042 was published for @langchain/community (npm) Oct 29, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n G-Rath
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8373 was published for angular (npm) Sep 9, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header Low
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
The fuels-ts typescript SDK has no awareness of to-be-spent transactions Low
CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024
Torres-ssf danielbate
Dhaiwat10 petertonysmith94 maschad arboleya
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database