Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

161 advisories

Loading
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms Low
CVE-2023-38700 was published for matrix-appservice-irc (npm) Aug 4, 2023
Vendure Cross Site Request Forgery vulnerability impacting all API requests Low
GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) Jul 11, 2023
Yaniv-git
sweetalert2 v11.6.14 and above contains potentially undesirable behavior Low
GHSA-mrr8-v49w-3333 was published for sweetalert2 (npm) Jul 10, 2023
Stylelint has vulnerability in semver dependency Low
GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) Jul 7, 2023 withdrawn
romainmenke
Shescape potential environment variable exposure on Windows with CMD Low
CVE-2023-35931 was published for shescape (npm) Jun 22, 2023
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces Low
GHSA-68jh-rf6x-836f was published for @apollo/server (npm) Jun 16, 2023
fast-xml-parser regex vulnerability patch could be improved from a safety perspective Low
GHSA-gpv5-7x3g-ghjv was published for fast-xml-parser (npm) Jun 15, 2023
juliangilbey
@keystone-6/core's bundled cuid package known to be insecure Low
GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) Jun 12, 2023
TomDo1234
Possible prototype pollution in metadata record, when using meta decorator Low
CVE-2023-30857 was published for @aedart/support (npm) May 1, 2023
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte
Hardening of TypedArrays with non-canonical numeric property names in SES Low
GHSA-whpx-q3rq-w8jc was published for ses (npm) Oct 20, 2022
Incorrect default cookie name and recommendation Low
GHSA-jjmg-x456-w976 was published for csrf-csrf (npm) Oct 10, 2022
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
Command Injection in moment-timezone Low
GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) Aug 30, 2022
scovetta
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API