GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Moderate
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate
CVE-2024-34708
was published
for
directus
(npm)
May 13, 2024
phin may include sensitive headers in subsequent requests after redirect
Moderate
GHSA-x565-32qp-m3vf
was published
for
phin
(npm)
Apr 11, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
follow-redirects' Proxy-Authorization header kept across hosts
Moderate
CVE-2024-28849
was published
for
follow-redirects
(npm)
Mar 14, 2024
Directus version number disclosure
Moderate
CVE-2024-27296
was published
for
directus
(npm)
Mar 1, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate
CVE-2023-36472
was published
for
@strapi/admin
(npm)
Sep 13, 2023
MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050
was published
for
github.com/mongodb/mongo-swift-driver
(Composer)
Aug 29, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate
CVE-2023-38503
was published
for
directus
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
Directus vulnerable to extraction of password hashes through export querying
Moderate
CVE-2023-27481
was published
for
directus
(npm)
Mar 8, 2023
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Moderate
CVE-2023-26108
was published
for
@nestjs/core
(npm)
Mar 6, 2023
Sequelize information disclosure vulnerability
Moderate
CVE-2023-22580
was published
for
@sequelize/core
(npm)
Feb 16, 2023
liquidjs may leak properties of a prototype
Moderate
CVE-2022-25948
was published
for
liquidjs
(npm)
Dec 22, 2022
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Moderate
CVE-2022-36077
was published
for
electron
(npm)
Nov 10, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31070
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31069
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate
CVE-2022-31051
was published
for
semantic-release
(npm)
Jun 9, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate
CVE-2020-11883
was published
for
storefront-api
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API