GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
49 advisories
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Moderate | CVE-2024-39919 was published for @jmondi/url-to-png (npm) | Jul 15, 2024
Strapi's field level permissions not being respected in relationship title
Moderate | CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) | Sep 13, 2023
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate | CVE-2024-45811 was published for vite (npm) | Sep 17, 2024
sanitize-html Information Exposure vulnerability
Moderate | CVE-2024-21501 was published for sanitize-html (npm) | Feb 24, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate | CVE-2024-34708 was published for directus (npm) | May 13, 2024
phin may include sensitive headers in subsequent requests after redirect
Moderate | GHSA-x565-32qp-m3vf was published for phin (npm) | Apr 11, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate | CVE-2024-31207 was published for vite (npm) | Apr 3, 2024
follow-redirects' Proxy-Authorization header kept across hosts
Moderate | CVE-2024-28849 was published for follow-redirects (npm) | Mar 14, 2024
Directus version number disclosure
Moderate | CVE-2024-27296 was published for directus (npm) | Mar 1, 2024
MongoDB Driver may publish events containing authentication-related data
Moderate | CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) | Aug 29, 2023
botframework-connector vulnerable to Improper Authentication
Moderate | CVE-2021-1725 was published for botframework-connector (npm) | Mar 8, 2021
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate | CVE-2023-36472 was published for @strapi/admin (npm) | Sep 13, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate | CVE-2023-38503 was published for directus (npm) | Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate | CVE-2023-34093 was published for @strapi/database (npm) | Jul 25, 2023
Converse.js Exposure of Sensitive Information
Moderate | CVE-2018-6591 was published for converse.js (Composer) | May 14, 2022
Credential leak in react-native-fast-image
Moderate | CVE-2020-7696 was published for react-native-fast-image (npm) | May 18, 2021
Invalid Curve Attack in node-jose
Moderate | CVE-2017-16007 was published for node-jose (npm) | Jul 20, 2018
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate | CVE-2020-11883 was published for storefront-api (npm) | May 24, 2022
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate | CVE-2021-40823 was published for matrix-js-sdk (npm) | Sep 14, 2021
Potential exposure of tokens to an Unauthorized Actor
Moderate | CVE-2022-21671 was published for @replit/crosis (npm) | Jan 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate | CVE-2022-0536 was published for follow-redirects (npm) | Feb 10, 2022