GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,094 advisories
Filter by severity
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
Trix has a cross-site Scripting vulnerability on copy & paste
Moderate
CVE-2024-43368
was published
for
trix
(npm)
Aug 14, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-41677
was published
for
@builder.io/qwik
(npm)
Aug 6, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Moderate
CVE-2024-36423
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id
Moderate
CVE-2024-36422
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Moderate
CVE-2024-37145
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id
Moderate
CVE-2024-37146
was published
for
flowise
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47620
was published
for
@scrypted/server
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47623
was published
for
@scrypted/core
(npm)
Aug 5, 2024
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Moderate
CVE-2024-34343
was published
for
nuxt
(npm)
Aug 5, 2024
Bostr Improper Authorization vulnerability
Moderate
CVE-2024-41962
was published
for
bostr
(npm)
Aug 2, 2024
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Moderate
CVE-2024-6783
was published
for
vue-template-compiler
(npm)
Jul 23, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Moderate
CVE-2024-6833
was published
for
@zowe/cli
(npm)
Jul 17, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Directus incorrectly handles `_in` filter
Moderate
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API