Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,459 advisories

Loading
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
CVE-2024-34347 was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed High
CVE-2024-32652 was published for @hono/node-server (npm) Apr 19, 2024
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
Handling untrusted input can result in a crash, leading to loss of availability / denial of service High
CVE-2024-30253 was published for @solana/web3.js (npm) Apr 17, 2024
FixedLocally steveluscher
@fastify/secure-session: Reuse of destroyed secure session cookie High
CVE-2024-31999 was published for @fastify/secure-session (npm) Apr 10, 2024
AdamKorcz mcollina
arthurscchan
SheetJS Regular Expression Denial of Service (ReDoS) High
CVE-2024-22363 was published for xlsx (npm) Apr 5, 2024
dectalk-tts Uses Unencrypted HTTP Request High
CVE-2024-31206 was published for dectalk-tts (npm) Apr 4, 2024
AverageHelper JstnMcBrd
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists High
CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
castarco
@electron/packager's build process memory potentially leaked into final executable High
CVE-2024-29900 was published for @electron/packager (npm) Mar 29, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
web3-utils Prototype Pollution vulnerability High
CVE-2024-21505 was published for web3-utils (npm) Mar 27, 2024
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation High
CVE-2024-29194 was published for @oneuptime/common-server (npm) Mar 25, 2024
saunders-jake
Duplicate Advisory: web3-utils Prototype Pollution vulnerability High
GHSA-87qp-7cw8-8q9c was published for web3-utils (npm) Mar 25, 2024 withdrawn
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337
Directus has MySQL accent insensitive email matching High
CVE-2024-27295 was published for directus (npm) Mar 1, 2024
c53julian
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Cross-site Scripting in electron-pdf High
CVE-2024-1648 was published for electron-pdf (npm) Feb 20, 2024
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` High
GHSA-w4hv-vmv9-hgcr was published for @scrypted/core (npm) Feb 16, 2024
Kwstubbs
React Native Document Picker Directory Traversal vulnerability High
CVE-2024-25466 was published for react-native-document-picker (npm) Feb 16, 2024
vonovak
angular vulnerable to super-linear runtime due to backtracking High
CVE-2024-21490 was published for angular (Maven) Feb 10, 2024
ProTip! Advisories are also available from the GraphQL API