GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,632 advisories
Filter by severity
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Moderate
CVE-2024-37145
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id
Moderate
CVE-2024-37146
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id
Moderate
CVE-2024-36422
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Moderate
CVE-2024-36423
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cors Misconfiguration in packages/server/src/index.ts
High
CVE-2024-36421
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Path Injection at /api/v1/openai-assistants-file
High
CVE-2024-36420
was published
for
flowise
(npm)
Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47620
was published
for
@scrypted/server
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47623
was published
for
@scrypted/core
(npm)
Aug 5, 2024
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
ws affected by a DoS when handling a request with many HTTP headers
High
CVE-2024-37890
was published
for
ws
(npm)
Jun 17, 2024
jrburke requirejs vulnerable to prototype pollution
High
CVE-2024-38999
was published
for
requirejs
(npm)
Jul 1, 2024
Plate media plugins has a XSS in media embed element when using custom URL parsers
High
CVE-2024-40631
was published
for
@udecode/plate-media
(npm)
Jul 15, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Moderate
CVE-2022-35204
was published
for
vite
(npm)
Aug 19, 2022
Cross-site scripting in bootstrap-select
Moderate
CVE-2019-20921
was published
for
bootstrap-select
(npm)
May 7, 2021
Flowise vulnerable to code injection via api/v1
High
CVE-2024-31621
was published
for
flowise
(npm)
Apr 29, 2024
ProTip!
Advisories are also available from the
GraphQL API