Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Total.js CMS Unauthorized Access High
CVE-2019-15953 was published for total4 (npm) May 24, 2022
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
Authorization bypass in Strapi Critical
CVE-2020-27664 was published for strapi (npm) May 10, 2021
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible Moderate
CVE-2023-40027 was published for @keystone-6/core (npm) Aug 15, 2023
dcousens
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning Moderate
CVE-2023-34234 was published for @openzeppelin/contracts (npm) Jun 8, 2023
MarkLee131
ProTip! Advisories are also available from the GraphQL API