GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,389 advisories
Filter by severity
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
PHPExcel XXE Vulnerability
High
CVE-2015-3542
was published
for
phpoffice/phpexcel
(Composer)
Nov 7, 2024
Devtron has SQL Injection in CreateUser API
High
CVE-2024-45794
was published
for
github.com/devtron-labs/devtron
(Go)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle Remote Code Execution vulnerability
High
CVE-2024-43425
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
High
CVE-2024-51988
was published
for
rabbit_common
(Erlang)
Nov 6, 2024
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj
was published
for
github.com/cometbft/cometbft
(Go)
Nov 6, 2024
Symfony vulnerable to command execution hijack on Windows with Process class
High
CVE-2024-51736
was published
for
symfony/process
(Composer)
Nov 6, 2024
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High
GHSA-82j3-hf72-7x93
was published
for
com.reposilite:reposilite-backend
(Maven)
Nov 4, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure
High
CVE-2024-51127
was published
for
org.hornetq:hornetq-core-client
(Maven)
Nov 4, 2024
Apache Kylin Session Fixation vulnerability
High
CVE-2024-23590
was published
for
org.apache.kylin:kylin
(Maven)
Nov 4, 2024
Path traversal in oak allows transfer of hidden files within the served root directory
High
CVE-2024-49770
was published
for
@oakserver/oak
(npm)
Nov 1, 2024
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Ollama Out-of-bounds Read
High
CVE-2024-39720
was published
for
github.com/ollama/ollama
(Go)
Oct 31, 2024
Hashicorp Vault vulnerable to denial of service through memory exhaustion
High
CVE-2024-8185
was published
for
github.com/hashicorp/vault
(Go)
Oct 31, 2024
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2024-51478
was published
for
yeswiki/yeswiki
(Composer)
Oct 31, 2024
langflow has vulnerability in PythonCodeTool component
High
CVE-2024-42835
was published
for
langflow
(pip)
Oct 31, 2024
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API