GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,742 advisories
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Critical
CVE-2024-56198
was published
for
path-sanitizer
(npm)
Jan 2, 2025
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
High
CVE-2024-56734
was published
for
better-auth
(npm)
Dec 30, 2024
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled
High
CVE-2024-56159
was published
for
astro
(npm)
Dec 19, 2024
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Mongoose search injection vulnerability
High
CVE-2024-53900
was published
for
mongoose
(npm)
Dec 2, 2024
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API