GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,996
Maven: 5,000+
npm: 3,709
NuGet: 661
pip: 3,348
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
11,098 advisories
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in...
Low | Unreviewed | CVE-2024-46794 was published Sep 18, 2024
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk...
Low | Unreviewed | CVE-2024-3471 was published May 2, 2024
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating...
Low | Unreviewed | CVE-2024-3629 was published May 15, 2024
The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is...
Low | Unreviewed | CVE-2024-3076 was published Apr 26, 2024
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a...
Low | Unreviewed | CVE-2024-10515 was published Nov 20, 2024
The jail(2) system call has not limited a visibility of allocated TTYs (the kern.ttys sysctl). ...
Low | Unreviewed | CVE-2024-25941 was published Feb 15, 2024
The console may experience a service interruption when processing file names with invalid...
Low | Unreviewed | CVE-2023-45715 was published Mar 28, 2024
Improper export of Android application components issue exists in 'ABEMA' App for Android prior...
Low | Unreviewed | CVE-2024-28745 was published Mar 18, 2024
In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead...
Low | Unreviewed | CVE-2024-20038 was published Mar 4, 2024
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low | CVE-2024-52587 was published for step-security/harden-runner (GitHub Actions) Nov 18, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low | CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
CHECK-fail in `QuantizeAndDequantizeV4Grad`
Low | CVE-2021-29544 was published for tensorflow (pip) May 21, 2021
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Low | CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
Missing Authorization vulnerability in ThemeIsle Otter - Gutenberg Block allows Exploiting...
Low | Unreviewed | CVE-2024-51671 was published Nov 19, 2024
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low | CVE-2020-15239 was published for xmpp-http-upload (pip) Oct 6, 2020
vantage6 does not properly delete linked resources when deleting a collaboration
Low | CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023
In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap()...
Low | Unreviewed | CVE-2024-50211 was published Nov 8, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low | CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
express vulnerable to XSS via response.redirect()
Low | CVE-2024-43796 was published for express (npm) Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Low | CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
send vulnerable to template injection that can lead to XSS
Low | CVE-2024-43799 was published for send (npm) Sep 10, 2024
CometBFT's state syncing validator from malicious node may lead to a chain split
Low | GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft (Go) Sep 3, 2024
Path traversal vulnerability in stripe-cli
Low | CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Low | CVE-2024-43787 was published for hono (npm) Aug 22, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Low | CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API.