GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
48 advisories
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate
CVE-2024-34708
was published
for
directus
(npm)
May 13, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
follow-redirects' Proxy-Authorization header kept across hosts
Moderate
CVE-2024-28849
was published
for
follow-redirects
(npm)
Mar 14, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate
CVE-2023-36472
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate
CVE-2023-38503
was published
for
directus
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
Directus vulnerable to extraction of password hashes through export querying
Moderate
CVE-2023-27481
was published
for
directus
(npm)
Mar 8, 2023
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Moderate
CVE-2022-36077
was published
for
electron
(npm)
Nov 10, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31070
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31069
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate
CVE-2022-31051
was published
for
semantic-release
(npm)
Jun 9, 2022
ProTip!
Advisories are also available from the
GraphQL API