GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,704 advisories
Filter by severity
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Moderate
CVE-2024-31141
was published
for
org.apache.kafka:kafka-clients
(Maven)
Nov 19, 2024
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Moderate
GHSA-jp37-5qhw-mffw
was published
for
sharks
(Rust)
Nov 18, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
Apache Tomcat - XSS in generated JSPs
Moderate
CVE-2024-52318
was published
for
org.apache.tomcat:tomcat-jasper
(Maven)
Nov 18, 2024
Apache Tomcat Request and/or response mix-up
Moderate
CVE-2024-52317
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 18, 2024
Apache Tomcat - Authentication Bypass
Critical
CVE-2024-52316
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Nov 18, 2024
django CMS Cross-Site Scripting (XSS)
Moderate
CVE-2024-11319
was published
for
django-cms
(pip)
Nov 18, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Moderate
CVE-2024-11023
was published
for
firebase
(npm)
Nov 18, 2024
Spring MVC controller vulnerable to a DoS attack
Moderate
CVE-2024-38828
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 18, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
ProTip!
Advisories are also available from the
GraphQL API