Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,740 advisories

Loading
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
CVE-2024-56510 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor Moderate
CVE-2024-56331 was published for uptime-kuma (npm) Dec 20, 2024
griisemine
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92 rtmcmill2009
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Prototype pollution in jsii.configureCategories Low
GHSA-m56h-5xx3-2jc2 was published for jsii (npm) Dec 18, 2024
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski katzj
CrzyHAX91
Bit flip attack vulnerability in cookie-encrypter High
CVE-2024-53441 was published for cookie-encrypter (npm) Dec 9, 2024
mathysEthical
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
Avenwu Whistle Cross-Site Request Forgery (CSRF) High
CVE-2024-55500 was published for whistle (npm) Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
Directus allows unauthenticated access to WebSocket events and operations High
CVE-2024-54151 was published for @directus/api (npm) Dec 9, 2024
SeanDylanGoff fishuke
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain G-Rath
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
ProTip! Advisories are also available from the GraphQL API