Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,006 advisories

Loading
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role Low
GHSA-qc59-cxj2-c2w4 was published for aws-cdk-lib (npm) Apr 15, 2025
jquery-validation vulnerable to Cross-site Scripting Moderate
CVE-2025-3573 was published for jquery-validation (npm) Apr 15, 2025
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
bewinsnw
nest allows a remote attacker to execute arbitrary code via the Content-Type header Moderate
CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
aydinnyunus axi92
fperalta-INTIVE
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
js-object-utilities Vulnerable to Prototype Pollution High
CVE-2025-28269 was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Directus inserts access token from query string into logs Moderate
CVE-2024-47822 was published for @directus/api (npm) Apr 14, 2025
licitdev
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4942 was published for moodle/moodle (Composer) May 13, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4941 was published for moodle/moodle (Composer) May 13, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4940 was published for moodle/moodle (Composer) May 13, 2022
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter Moderate
CVE-2025-26619 was published for vega (npm) Mar 27, 2025
kprevas hydrosquall
domoritz mattijn lsh
Vite has an `server.fs.deny` bypass with an invalid `request-target` Moderate
CVE-2025-32395 was published for vite (npm) Apr 11, 2025
do9gy-msec sw0rd1ight
exec-local-bin vulnerable to Command Injection Critical
CVE-2022-25923 was published for exec-local-bin (npm) Jan 6, 2023
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
Flowise Vulnerable to SQL Injection via `tableName` Parameter High
CVE-2025-29189 was published for flowise-components (npm) Apr 9, 2025
node-opcua-alarm-condition prototype pollution vulnerability High
CVE-2024-57086 was published for node-opcua-alarm-condition (npm) Feb 6, 2025
axi92
AWS CDK CodePipeline: trusted entities are too broad Low
GHSA-5pq3-h73f-66hr was published for aws-cdk-lib (npm) Mar 24, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function Moderate
CVE-2025-32379 was published for koa (npm) Apr 9, 2025
linhnph05
crud-query-parser SQL Injection vulnerability High
CVE-2025-32020 was published for crud-query-parser (npm) Apr 9, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
ProTip! Advisories are also available from the GraphQL API