GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jquery-validation
(npm)
Jun 3, 2022
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51752
was published
for
@workos-inc/authkit-nextjs
(npm)
Nov 5, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51753
was published
for
@workos-inc/authkit-remix
(npm)
Nov 5, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
@langchain/community SQL Injection vulnerability
Low
CVE-2024-7042
was published
for
@langchain/community
(npm)
Oct 29, 2024
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Low
CVE-2024-9506
was published
for
vue
(npm)
Oct 15, 2024
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
ReLaXed Cross-site Scripting vulnerability
Low
CVE-2024-9283
was published
for
relaxedjs
(npm)
Sep 27, 2024
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload
Low
CVE-2024-47171
was published
for
agnai
(npm)
Sep 26, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Low
CVE-2024-47170
was published
for
agnai
(npm)
Sep 26, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Low
CVE-2024-45835
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Low
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8372
was published
for
angular
(npm)
Sep 9, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Low
CVE-2024-43411
was published
for
ckeditor4
(npm)
Aug 21, 2024
Stylelint has vulnerability in semver dependency
Low
GHSA-f7xj-rg7h-mc87
was published
for
stylelint
(npm)
Jul 7, 2023
•
withdrawn
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low
CVE-2024-42460
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
ProTip!
Advisories are also available from the
GraphQL API