GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
High
CVE-2024-51988
was published
for
rabbit_common
(Erlang)
Nov 6, 2024
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Moderate
CVE-2024-49756
was published
for
ash_postgres
(Erlang)
Oct 23, 2024
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate
CVE-2024-31209
was published
for
oidcc
(Erlang)
Apr 3, 2024
erlang-jose vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50966
was published
for
jose
(Erlang)
Mar 19, 2024
Samly access control vulnerability
Critical
CVE-2024-25718
was published
for
Samly
(Erlang)
Feb 11, 2024
Pleroma Path Traversal vulnerability
Low
CVE-2023-5588
was published
for
pleroma
(Erlang)
Oct 16, 2023
MTProto proxy remote code execution vulnerability
High
CVE-2023-45312
was published
for
mtproto_proxy
(Erlang)
Oct 10, 2023
Pow Mnesia cache doesn't invalidate all expired keys on startup
Moderate
CVE-2023-42446
was published
for
pow
(Erlang)
Sep 19, 2023
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
High
CVE-2023-35174
was published
for
livebook
(Erlang)
Jun 21, 2023
Ecto lacks a protection mechanism
Critical
CVE-2017-20166
was published
for
ecto
(Erlang)
Jan 10, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes
Moderate
CVE-2021-46871
was published
for
phoenix_html
(Erlang)
Jan 10, 2023
Phoenix before 1.6.14 mishandles check_origin wildcarding
High
CVE-2022-42975
was published
for
phoenix
(Erlang)
Oct 17, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical
CVE-2021-43568
was published
for
ecdsa-elixir
(Erlang)
May 24, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack
High
CVE-2019-11287
was published
for
RabbitMQ
(Erlang)
May 24, 2022
Cross-site Scripting in RabbitMQ
Low
CVE-2019-11291
was published
for
rabbit_common
(Erlang)
May 24, 2022
Ejabberd DoS via malformed stanza
Moderate
CVE-2011-4320
was published
for
ejabberd
(Erlang)
May 17, 2022
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
High
CVE-2014-2829
was published
for
MongooseIM
(Erlang)
May 17, 2022
alchemist.vim vulnerable to remote code execution
Critical
CVE-2017-1000212
was published
for
alchemist.vim
(Erlang)
May 13, 2022
Hex authenticity of signed packages not validated
High
CVE-2019-1000013
was published
for
hex_core
(Erlang)
May 13, 2022
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
Arbitrary Code Execution in Cookie Serialization
High
CVE-2017-1000053
was published
for
plug
(Erlang)
Apr 12, 2022
Null Byte Injection in Plug.Static
High
CVE-2017-1000052
was published
for
plug
(Erlang)
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API