GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Unsafe Merging of CORS Configuration Conflict in hapi
Moderate
CVE-2015-9243
was published
for
hapi
(npm)
Sep 1, 2020
Sails before 0.12.7 vulnerable to Broken CORS
High
CVE-2016-10549
was published
for
sails
(npm)
Feb 18, 2019
ghost vulnerable to unauthorized newsletter modification via improper access controls
High
CVE-2022-41654
was published
for
ghost
(npm)
Nov 28, 2022
directus vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2023-28443
was published
for
directus
(npm)
Mar 23, 2023
Budibase Improper Access Control vulnerability
Moderate
CVE-2022-3225
was published
for
@budibase/bbui
(npm)
Sep 17, 2022
rendertron can remotely shut down Chrome instance
High
CVE-2017-18353
was published
for
rendertron
(npm)
Jan 4, 2019
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Moderate
CVE-2023-35167
was published
for
remult
(npm)
Jun 20, 2023
pnpm incorrectly parses tar archives relative to specification
High
CVE-2023-37478
was published
for
@pnpm/cafs
(npm)
Aug 1, 2023
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High
CVE-2024-23331
was published
for
vite
(npm)
Jan 19, 2024
@lobehub/chat vulnerable to unauthorized access to plugins
Moderate
CVE-2024-24566
was published
for
@lobehub/chat
(npm)
Jan 31, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
EverShop at risk to unauthorized access via weak HMAC secret
Critical
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Directus incorrectly handles `_in` filter
High
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Lunary improper access control vulnerability
High
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Moderate
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
ProTip!
Advisories are also available from the
GraphQL API