GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli
(Go)
Nov 14, 2024
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
High
CVE-2024-34069
was published
for
Werkzeug
(pip)
May 6, 2024
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
CVE-2024-22423
was published
for
yt-dlp
(pip)
Apr 10, 2024
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
Git LFS can execute a Git binary from the current directory on Windows
High
CVE-2021-21237
was published
for
github.com/git-lfs/git-lfs
(Go)
Feb 15, 2022
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
High
GHSA-qm7x-rc44-rrqw
was published
for
apollo-server
(npm)
Nov 8, 2021
XSS vulnerability in GraphQL Playground from untrusted schemas
High
CVE-2021-41249
was published
for
graphql-playground-react
(npm)
Nov 8, 2021
GraphiQL introspection schema template injection attack
High
CVE-2021-41248
was published
for
graphiql
(npm)
Nov 8, 2021
User impersonation due to incorrect handling of the login JWT
High
CVE-2021-39177
was published
for
org.geysermc:connector
(Maven)
Sep 7, 2021
Hugo can execute a binary from the current directory on Windows
High
CVE-2020-26284
was published
for
github.com/gohugoio/hugo
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API