Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,782
NuGet
683
pip
3,460
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,782 advisories

Loading
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
object-deep-assign Prototype Pollution Moderate
CVE-2024-36582 was published for @alexbinary/object-deep-assign (npm) Jun 17, 2024
@cdr0/sg Prototype Pollution Moderate
CVE-2024-36580 was published for @cdr0/sg (npm) Jun 17, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS Low
CVE-2024-36287 was published for mattermost-desktop (npm) Jun 14, 2024
Mattermost Desktop App Remote Code Execution Moderate
CVE-2024-37182 was published for mattermost-desktop (npm) Jun 14, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling Moderate
CVE-2024-31217 was published for @strapi/plugin-upload (npm) Jun 12, 2024
CxDavidepaalte derrickmehaffy
Marc-Roig alexandrebodin
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
SummerNote Cross Site Scripting Vulnerability Moderate
CVE-2024-37629 was published for summernote (npm) Jun 12, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
@grpc/grpc-js can allocate memory for incoming messages well above configured limits Moderate
CVE-2024-37168 was published for @grpc/grpc-js (npm) Jun 10, 2024
jhump
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Moderate
CVE-2024-5389 was published for lunary (npm) Jun 10, 2024 withdrawn
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
lunary-ai/lunary XSS in SAML metadata endpoint High
CVE-2024-5478 was published for lunary (npm) Jun 6, 2024
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper Moderate
CVE-2024-37169 was published for @jmondi/url-to-png (npm) Jun 5, 2024
timoxoszt jasonraimondi
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Van-QA
Jan path traversal vulnerability High
CVE-2024-36857 was published for @janhq/core (npm) Jun 4, 2024
Directus is soft-locked by providing a string value to random string util High
CVE-2024-36128 was published for directus (npm) Jun 4, 2024
Zehir
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
ThisIsMissEm
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function Moderate
CVE-2022-25037 was published for @wangeditor/editor (npm) May 31, 2024
mysql2 vulnerable to Prototype Pollution High
CVE-2024-21512 was published for mysql2 (npm) May 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database