GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
20,990 advisories
Next.js Allows a Denial of Service (DoS) with Server Actions
Moderate
CVE-2024-56332
was published
for
next
(npm)
Jan 3, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate
CVE-2025-21610
was published
for
trix
(npm)
Jan 3, 2025
SiYuan has an arbitrary file deletion vulnerability
High
CVE-2025-21609
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jan 3, 2025
Karmada Tar Slips in CRDs archive extraction
Moderate
CVE-2024-56514
was published
for
github.com/karmada-io/karmada
(Go)
Jan 3, 2025
Karmada PULL Mode Cluster Privilege Escalation
High
CVE-2024-56513
was published
for
github.com/karmada-io/karmada
(Go)
Jan 3, 2025
hutool Buffer Overflow vulnerability
High
CVE-2023-42278
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Server Side Template Injection (SSTI) via Twig escape handler
High
CVE-2024-28119
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Server Side Template Injection (SSTI)
High
CVE-2024-28118
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Server Side Template Injection (SSTI)
High
CVE-2024-28117
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
.NET Remote Code Execution Vulnerability
High
CVE-2022-41089
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Dec 14, 2022
ProTip!
Advisories are also available from the
GraphQL API