GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
Moderate
GHSA-5q9x-554g-9jgg
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB CPU exhaustion via custom functions result in total DoS
High
GHSA-pxw4-94j3-v9pf
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB no JavaScript script function default timeout could facilitate DoS
Low
GHSA-3824-qmfq-2qv7
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB memory exhaustion via string::replace using regex
High
GHSA-3633-g6mg-p6qq
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB server-takeover via SurrealQL injection on backup import
Critical
GHSA-ccj3-5p93-8p42
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB has local file read of 2-column TSV files via analyzers
Low
GHSA-2cvj-g5r5-jrrg
was published
for
surrealdb
(Rust)
Apr 10, 2025
SurrealDB vulnerable to memory exhaustion via nested functions and scripts
Moderate
GHSA-m7rc-8w7m-r9qr
was published
for
surrealdb
(Rust)
Apr 10, 2025
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
Moderate
CVE-2021-29652
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API