GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
15 advisories
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate
CVE-2025-31125
was published
for
vite
(npm)
Mar 31, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
Ghost's improper authentication allows access to member information and actions
Moderate
CVE-2024-43409
was published
for
@tryghost/portal
(npm)
Aug 20, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Directus vulnerable to SSRF Loopback IP filter bypass
Moderate
CVE-2024-46990
was published
for
@directus/api
(npm)
Sep 18, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
@lobehub/chat vulnerable to unauthorized access to plugins
Moderate
CVE-2024-24566
was published
for
@lobehub/chat
(npm)
Jan 31, 2024
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Moderate
CVE-2023-35167
was published
for
remult
(npm)
Jun 20, 2023
directus vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2023-28443
was published
for
directus
(npm)
Mar 23, 2023
ProTip!
Advisories are also available from the
GraphQL API