GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,739 advisories
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled
High
CVE-2024-56159
was published
for
astro
(npm)
Dec 19, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution
Moderate
CVE-2024-52809
was published
for
@intlify/core
(npm)
Dec 2, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
ProTip!
Advisories are also available from the
GraphQL API