GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
179 advisories
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
Next.js may leak x-middleware-subrequest-id to external hosts
Low
CVE-2025-30218
was published
for
next
(npm)
Apr 2, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user
Low
CVE-2025-27146
was published
for
matrix-appservice-irc
(npm)
Feb 25, 2025
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Low
CVE-2025-23206
was published
for
aws-cdk-lib
(npm)
Jan 17, 2025
Potential DoS when using ContextLines integration
Low
GHSA-r5w7-f542-q2j4
was published
for
@sentry/astro
(npm)
Jan 28, 2025
@sveltejs/kit vulnerable to XSS on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
Lodestar snappy checksum issue
Low
GHSA-m9c9-mc2h-9wjw
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
Lodestar snappy decompression issue
Low
GHSA-53rv-hcvm-rpp9
was published
for
@lodestar/reqresp
(npm)
Jan 14, 2025
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API