GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
35 advisories
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Moderate
CVE-2022-41919
was published
for
fastify
(npm)
Nov 21, 2022
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Moderate
CVE-2022-29214
was published
for
next-auth
(npm)
May 24, 2022
Git LFS can execute a Git binary from the current directory on Windows
High
CVE-2021-21237
was published
for
github.com/git-lfs/git-lfs
(Go)
Feb 15, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
High
GHSA-qm7x-rc44-rrqw
was published
for
apollo-server
(npm)
Nov 8, 2021
XSS vulnerability in GraphQL Playground from untrusted schemas
High
CVE-2021-41249
was published
for
graphql-playground-react
(npm)
Nov 8, 2021
GraphiQL introspection schema template injection attack
High
CVE-2021-41248
was published
for
graphiql
(npm)
Nov 8, 2021
User impersonation due to incorrect handling of the login JWT
High
CVE-2021-39177
was published
for
org.geysermc:connector
(Maven)
Sep 7, 2021
Hugo can execute a binary from the current directory on Windows
High
CVE-2020-26284
was published
for
github.com/gohugoio/hugo
(Go)
Jun 23, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
ProTip!
Advisories are also available from the
GraphQL API