GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,157 advisories

ASAR Integrity bypass via filetype confusion in electron Moderate
CVE-2023-44402 was published for electron (npm) Dec 1, 2023
MarshallOfSound
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity Moderate
CVE-2023-48631 was published for @adobe/css-tools (npm) Nov 30, 2023
Uptime Kuma Authenticated remote code execution via TailscalePing Moderate
GHSA-hfxh-rjv7-2369 was published for uptime-kuma (npm) Nov 27, 2023
vaadata-pascala
Attribute Injection leading to XSS(Cross-Site-Scripting) Moderate
CVE-2023-49276 was published for uptime-kuma (npm) Nov 24, 2023
gtg2619
Possible user mocking that bypasses basic authentication Moderate
CVE-2023-48309 was published for next-auth (npm) Nov 20, 2023
securing dastaj
magnunm balazsorban44 ThangHuuVu
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
@vendure/core's insecure currencyCode handling allows wrong payment amounts Moderate
GHSA-wm63-7627-ch33 was published for @vendure/core (npm) Nov 17, 2023
seminarian
Duplicate Advisory: CKEditor Cross-site Scripting vulnerability Moderate
GHSA-hxjc-9j8v-v9pr was published for ckeditor4 (npm) Nov 16, 2023 withdrawn
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
masatokinugawa
DOMPurify Open Redirect vulnerability Moderate
CVE-2019-25155 was published for dompurify (npm) Nov 14, 2023
Cross-site Scripting in cesium Moderate
CVE-2023-48094 was published for cesium (npm) Nov 14, 2023 withdrawn
juburr
Bootbox.js Cross Site Scripting vulnerability Moderate
CVE-2023-46998 was published for bootbox (npm) Nov 14, 2023
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint Moderate
CVE-2023-46729 was published for @sentry/nextjs (npm) Nov 9, 2023
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-45884 was published for openmct (npm) Nov 9, 2023
MarkLee131
NASA Open MCT Cross Site Scripting vulnerability Moderate
CVE-2023-45885 was published for openmct (npm) Nov 9, 2023
MarkLee131
chromedriver Command Injection vulnerability Moderate
CVE-2023-26156 was published for chromedriver (npm) Nov 9, 2023
Axios Cross-Site Request Forgery Vulnerability Moderate
CVE-2023-45857 was published for axios (npm) Nov 8, 2023
vintagesucks danewilson
cordova-plugin-fingerprint-aio DoS vulnerability Moderate
CVE-2021-43849 was published for cordova-plugin-fingerprint-aio (npm) Nov 2, 2023
0xWise64
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
philipsinnott
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
nocodb SQL Injection vulnerability Moderate
CVE-2023-43794 was published for nocodb (npm) Oct 17, 2023
sylwia-budzynska
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
Improper Input Validation in vriteio/vrite Moderate
CVE-2023-5571 was published for @vrite/sdk (npm) Oct 13, 2023