Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar thenameisajay
dloetzke
Directus Allows Single Sign-On User Enumeration High
CVE-2024-39896 was published for directus (npm) Jul 8, 2024
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Potential memory exposure in dns-packet High
CVE-2021-23386 was published for dns-packet (npm) May 24, 2021
Hidden fields can be leaked on readable collections in Payload High
CVE-2023-30843 was published for payload (npm) Apr 26, 2023
cpaczek
Ghost vulnerable to information disclosure of private API fields High
CVE-2023-31133 was published for ghost (npm) May 3, 2023
cpaczek
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 derrickmehaffy
innerdvations Marc-Roig Bassel17
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
Insecure template handling in Squirrelly High
CVE-2021-32819 was published for squirrelly (npm) May 17, 2021
nebrelbug
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Protected fields exposed via LiveQuery High
CVE-2022-31112 was published for parse-server (npm) Jul 6, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database