GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,716 advisories
Filter by severity
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
Moderate
CVE-2024-53843
was published
for
@dapperduckling/keycloak-connector-server
(npm)
Nov 26, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
@sveltejs/kit vulnerable to on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Moderate
CVE-2024-11023
was published
for
firebase
(npm)
Nov 18, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
dom-iterator code execution vulnerability
Moderate
CVE-2024-21541
was published
for
dom-iterator
(npm)
Nov 13, 2024
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Moderate
CVE-2024-50336
was published
for
matrix-js-sdk
(npm)
Nov 12, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
happy-dom allows for server side code to be executed by a <script> tag
Critical
CVE-2024-51757
was published
for
happy-dom
(npm)
Nov 6, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51753
was published
for
@workos-inc/authkit-remix
(npm)
Nov 5, 2024
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51752
was published
for
@workos-inc/authkit-nextjs
(npm)
Nov 5, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Glossarizer Cross-site Scripting vulnerability
Moderate
CVE-2024-42515
was published
for
glossarizer
(npm)
Oct 31, 2024
DOMPurify vulnerable to tampering by prototype polution
Critical
CVE-2024-48910
was published
for
dompurify
(npm)
Oct 31, 2024
lilconfig Code Injection vulnerability
High
CVE-2024-21537
was published
for
lilconfig
(npm)
Oct 31, 2024
@langchain/community SQL Injection vulnerability
Low
CVE-2024-7042
was published
for
@langchain/community
(npm)
Oct 29, 2024
Langchain Path Traversal vulnerability
Moderate
CVE-2024-7774
was published
for
langchain
(npm)
Oct 29, 2024
CycloneDX cdxgen may execute code contained within build-related files
Moderate
CVE-2024-50611
was published
for
@cyclonedx/cdxgen
(npm)
Oct 28, 2024
useragent Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26311
was published
for
useragent
(npm)
Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26306
was published
for
knwl.js
(npm)
Oct 26, 2024
ProTip!
Advisories are also available from the
GraphQL API