Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,140 advisories

Loading
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor Moderate
CVE-2024-56331 was published for uptime-kuma (npm) Dec 20, 2024
griisemine
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92 rtmcmill2009
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski katzj
CrzyHAX91
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability Moderate
CVE-2024-52810 was published for @intlify/shared (npm) Dec 2, 2024
BobbieGoede
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
blaiddx64
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling Moderate
CVE-2024-53843 was published for @dapperduckling/keycloak-connector-server (npm) Nov 26, 2024
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Moderate
CVE-2024-5389 was published for lunary (npm) Jun 10, 2024 withdrawn
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read Moderate
CVE-2018-16982 was published for opencc (npm) May 14, 2022
richardfan0606 DanBeard
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes Moderate
CVE-2024-6485 was published for bootstrap (npm) Jul 11, 2024
hdtmccallie
Incorrect Access Control in NodeBB Moderate
CVE-2024-29316 was published for nodebb (npm) Mar 29, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Moderate
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
ProTip! Advisories are also available from the GraphQL API