Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,057
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,137 advisories

Loading
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
Apache MINA Deserialization RCE Vulnerability Critical
CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) Dec 25, 2024
Malayke
Apache HugeGraph-Server: Fixed JWT Token (Secret) Critical
CVE-2024-43441 was published for org.apache.hugegraph:hugegraph-server (Maven) Dec 24, 2024
Gogs has an argument Injection in the built-in SSH server Critical
CVE-2024-39930 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
SQL injection in Apache Traffic Control Critical
CVE-2024-45387 was published for github.com/apache/trafficcontrol/v8 (Go) Dec 23, 2024
GoCast OS Command Injection vulnerability Critical
CVE-2024-28892 was published for github.com/mayuresh82/gocast (Go) Dec 20, 2024
Malayke
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s Critical
CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024
pickypg
Duplicate Advisory: Querydsl SQL/HQL injection Critical
GHSA-wpvf-5mc3-hv6m was published for com.querydsl:querydsl-apt (Maven) Nov 20, 2024 withdrawn
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
LibreNMS has an Authenticated OS Command Injection Critical
CVE-2024-51092 was published for librenms/librenms (Composer) Nov 15, 2024
mallo-m
Improper Restriction of XML External Entity Reference in dompdf/dompdf Critical
CVE-2021-3902 was published for dompdf/dompdf (Composer) Nov 15, 2024
Deserialization of Untrusted Data in dompdf/dompdf Critical
CVE-2021-3838 was published for dompdf/dompdf (Composer) Nov 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database