Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,222 advisories

Loading
Cross site scripting in Concrete CMS Low
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list Low
CVE-2024-45537 was published for org.apache.druid:druid (Maven) Sep 17, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8373 was published for angular (npm) Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
Path traversal vulnerability in stripe-cli Low
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack Low
CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) Sep 4, 2024
AdamKorcz codysoyland
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication Low
CVE-2024-45052 was published for ethyca-fides (pip) Sep 4, 2024
RobertKeyser pattisdr
daveqnet
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
CometBFT's state syncing validator from malicious node may lead to a chain split Low
GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft (Go) Sep 3, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability Low
CVE-2023-23611 was published for lti-consumer-xblock (pip) Aug 30, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
freewvs's nested directory structure can interrupt scan Low
CVE-2020-15101 was published for freewvs (pip) Aug 30, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
Hono CSRF middleware can be bypassed using crafted Content-Type header Low
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
Silverpeas vulnerable to password complexity rule bypass Low
CVE-2024-42850 was published for org.silverpeas.core:silverpeas-core (Maven) Aug 16, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database