Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for jquery (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
CKEditor 4.0 vulnerability in the HTML Data Processor Moderate
CVE-2020-9281 was published for ckeditor4 (npm) May 7, 2021
Churro
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
KubeVirt vulnerable to arbitrary file read on host High
GHSA-qv98-3369-g364 was published for kubevirt.io/kubevirt (Go) Sep 15, 2022
rmohr 0xdidu
Churro andrewpollock
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
TomTervoort panva
Churro
feathers-sequelize contains improper input validation leading to SQL injection Critical
CVE-2022-2422 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering Critical
CVE-2022-29822 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Churro michaelkedar
ProTip! Advisories are also available from the GraphQL API