Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,960 advisories

Loading
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for Quart (pip) Oct 25, 2024
defnull
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF has incorrect comparison Moderate
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF missing certificate validation High
CVE-2024-56521 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts Moderate
CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer) Dec 27, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Jinja has a sandbox breakout through indirect reference to format method Moderate
CVE-2024-56326 was published for jinja2 (pip) Dec 23, 2024
Lydxn despawningbone
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webflux (Maven) Sep 13, 2024
Malayke AlexeyTsvetkov
andreeaButerchi aantonel-sysdig
Podman vulnerable to memory-based denial of service High
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
TunnelVision - decloaking VPNs using DHCP Moderate
GHSA-hqmp-g7ph-x543 was published for quincy (Rust) Dec 27, 2024
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
CVE-2024-56510 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Amazon Redshift Python Connector vulnerable to SQL Injection High
CVE-2024-12745 was published for redshift_connector (pip) Dec 26, 2024
alikrubin
Amazon Redshift JDBC Driver vulnerable to SQL Injection High
CVE-2024-12744 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Dec 26, 2024
alikrubin
Apache HugeGraph-Server: Fixed JWT Token (Secret) Moderate
CVE-2024-43441 was published for org.apache.hugegraph:hugegraph-server (Maven) Dec 24, 2024
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails High
CVE-2024-23945 was published for org.apache.hive:hive-service (Maven) Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
Remote Command Execution in file editing in gogs High
CVE-2024-54148 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database