Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
Uhudsavasindankacanokcu2 Credited to Uhudsavasindankacanokcu2 and DavidCarliez DavidCarliez DavidCarliez
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) Moderate
CVE-2026-45670 was published for @nuxt/rspack-builder (npm) May 19, 2026
sapphi-red Credited to sapphi-red
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins Moderate
CVE-2026-6402 was published for webpack-dev-server (npm) May 18, 2026
sapphi-red Credited to sapphi-red, UlisesGascon, bjohansebas, and alexander-akait UlisesGascon UlisesGascon
bjohansebas bjohansebas alexander-akait alexander-akait
view_component: Preview Route Can Dispatch Inherited Helper Methods Moderate
CVE-2026-44836 was published for view_component (RubyGems) May 8, 2026
cyberlanc3r Credited to cyberlanc3r
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red Credited to sapphi-red
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red Credited to sapphi-red
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
shm0sby Credited to shm0sby and rosegabe rosegabe rosegabe
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module Moderate
CVE-2024-55894 was published for typo3/cms-beuser (Composer) Jan 14, 2025
zly123987 Credited to zly123987, shm0sby, and rosegabe shm0sby shm0sby
rosegabe rosegabe
TYPO3 Cross-Site Request Forgery in Log Module Moderate
CVE-2024-55893 was published for typo3/cms-belog (Composer) Jan 14, 2025
zly123987 Credited to zly123987, shm0sby, and rosegabe shm0sby shm0sby
rosegabe rosegabe
Orchid Platform has Method Exposure Vulnerability in Modals Moderate
CVE-2024-51992 was published for orchid/platform (Composer) Nov 12, 2024
catferq Credited to catferq
Default installation of `synthetic-monitoring-agent` exposes sensitive information Moderate
CVE-2022-46156 was published for github.com/grafana/synthetic-monitoring-agent (Go) Sep 6, 2024
iamwillbar Credited to iamwillbar
xwiki contains Exposed Dangerous Method or Function Moderate
CVE-2023-26478 was published for org.xwiki.platform:xwiki-platform-store-filesystem-oldcore (Maven) Mar 3, 2023
ProTip! Advisories are also available from the GraphQL API