Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,654 advisories

Loading
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source High
GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings High
GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results Moderate
GHSA-cfqx-f43m-vfh7 was published for @saltcorn/server (npm) Oct 3, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend Moderate
CVE-2024-47762 was published for @backstage/plugin-app-backend (npm) Oct 3, 2024
Sentry SDK Prototype Pollution gadget in JavaScript SDKs Moderate
GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Regular Expression Denial of Service in is-my-json-valid High
CVE-2016-2537 was published for is-my-json-valid (npm) Oct 24, 2017
Stored XSS in Jupyter nbdime Moderate
CVE-2021-41134 was published for nbdime (npm) Nov 8, 2021
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
git-shallow-clone OS Command Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-9148 was published for flowise (npm) Sep 25, 2024
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon ctcpip
AdamKorcz blakeembrey
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Moderate
CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024
a1loy
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Cross-site scripting (XSS) in the clipboard package Moderate
CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting Moderate
CVE-2024-47075 was published for layui (npm) Sep 26, 2024
jackfromeast ishmeals
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database