Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Loading
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
Directus has an insecure object reference via PATH presets Moderate
GHSA-3fff-gqw3-vj86 was published for directus (npm) Aug 27, 2024
Improper access control in Directus Moderate
CVE-2024-6534 was published for directus (npm) Aug 15, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation High
CVE-2024-29194 was published for @oneuptime/common-server (npm) Mar 25, 2024
saunders-jake
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. Moderate
CVE-2022-0691 was published for url-parse (npm) Feb 22, 2022
jhutchings1 Kenny2github
y-yagi Haxatron
Authorization Bypass Through User-Controlled Key in url-parse Critical
CVE-2022-0686 was published for url-parse (npm) Feb 21, 2022
url-parse Incorrectly parses URLs that include an '@' Moderate
CVE-2022-0639 was published for url-parse (npm) Feb 18, 2022
Haxatron
Authorization Bypass Through User-Controlled Key in urijs Moderate
CVE-2022-0613 was published for urijs (npm) Feb 17, 2022
Authorization bypass in url-parse Moderate
CVE-2022-0512 was published for url-parse (npm) Feb 15, 2022
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
ProTip! Advisories are also available from the GraphQL API