GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
Moderate
CVE-2021-29652
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
SurrealDB vulnerable to memory exhaustion via nested functions and scripts
Moderate
GHSA-m7rc-8w7m-r9qr
was published
for
surrealdb
(Rust)
Apr 10, 2025
SurrealDB has local file read of 2-column TSV files via analyzers
Low
GHSA-2cvj-g5r5-jrrg
was published
for
surrealdb
(Rust)
Apr 10, 2025
SurrealDB server-takeover via SurrealQL injection on backup import
Critical
GHSA-ccj3-5p93-8p42
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB memory exhaustion via string::replace using regex
High
GHSA-3633-g6mg-p6qq
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB no JavaScript script function default timeout could facilitate DoS
Low
GHSA-3824-qmfq-2qv7
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB CPU exhaustion via custom functions result in total DoS
High
GHSA-pxw4-94j3-v9pf
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
Moderate
GHSA-5q9x-554g-9jgg
was published
for
surrealdb
(Rust)
Apr 11, 2025
ProTip!
Advisories are also available from the
GraphQL API