Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
PostCSS line return parsing error Moderate
CVE-2023-44270 was published for postcss (npm) Sep 30, 2023
DCKcode
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92
ProTip! Advisories are also available from the GraphQL API