
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,161 advisories

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible Moderate
CVE-2023-40027 was published for @keystone-6/core (npm) Aug 15, 2023
dcousens
Svelecte item names vulnerable to execution of arbitrary JavaScript Moderate
CVE-2023-38687 was published for svelecte (npm) Aug 14, 2023
FeldrinH
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
Margox Braft-Editor Cross-site Scripting Vulnerability Moderate
CVE-2021-27524 was published for braft-editor (npm) Aug 11, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines Moderate
CVE-2023-38690 was published for matrix-appservice-irc (npm) Aug 4, 2023
Cloudflare Wrangler directory traversal vulnerability Moderate
CVE-2023-3348 was published for wrangler (npm) Aug 3, 2023
.eth registrar controller can shorten the duration of registered names Moderate
CVE-2023-38698 was published for @ensdomains/ens-contracts (npm) Aug 1, 2023
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names Moderate
CVE-2023-38695 was published for @simonsmith/cypress-image-snapshot (npm) Aug 1, 2023
thib3113 simonsmith
Incorrect Permission Checking for GraphQL Subscriptions Moderate
CVE-2023-38503 was published for directus (npm) Jul 25, 2023
madc
Unintentional leakage of private information via cross-origin websocket session hijacking Moderate
CVE-2023-2850 was published for nodebb (npm) Jul 25, 2023
mowzk barisusakli
Making all attributes on a content-type public without noticing it Moderate
CVE-2023-34093 was published for @strapi/database (npm) Jul 25, 2023
nathan-pichon Marc-Roig
derrickmehaffy innerdvations Convly
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
layui vulnerable to cross-site scripting Moderate
CVE-2023-3691 was published for layui (npm) Jul 16, 2023
tarteaucitron.js vulnerable to Cross-site Scripting Moderate
CVE-2023-3620 was published for tarteaucitronjs (npm) Jul 11, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor Moderate
CVE-2023-37905 was published for ckeditor-wordcount-plugin (npm) Jul 10, 2023
sypets ohader
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability Moderate
GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) Jul 6, 2023
Yaniv-git
Duplicate Advisory: @fastify/oauth2 Oauth2 state parameter reuse Moderate
GHSA-hgxv-3497-3hhj was published for @fastify/oauth2 (npm) Jul 4, 2023 withdrawn
tough-cookie Prototype Pollution vulnerability Moderate
CVE-2023-26136 was published for tough-cookie (npm) Jul 1, 2023
axi92
angular-ui-notification Cross-site Scripting vulnerability Moderate
CVE-2023-34840 was published for angular-ui-notification (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37298 was published for joplin (npm) Jun 30, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal