GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,168 advisories
Filter by severity
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
s2n-tls has undefined behavior at process exit
Low
GHSA-rp9h-rf7g-hwgr
was published
for
s2n-tls
(Rust)
Nov 14, 2024
.NET Denial of Service Vulnerability
Low
CVE-2024-43499
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
paillier-zk has ambiguous challenge derivation
Low
GHSA-fpr5-jp2j-4q2f
was published
for
paillier-zk
(Rust)
Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation
Low
GHSA-rm66-9gh4-4gp8
was published
for
cggmp21
(Rust)
Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation
Low
GHSA-7jjx-3qw9-j6h6
was published
for
cggmp21-keygen
(Rust)
Nov 12, 2024
`fast-float` has multiple soundness issues
Low
GHSA-x8jh-xj3x-gx3c
was published
for
fast-float
(Rust)
Nov 12, 2024
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
Moodle Cross-site Scripting vulnerability
Low
CVE-2024-43437
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle admin presets export tool includes some secrets that should not be exported
Low
CVE-2024-43427
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has user information visibility control issues in gradebook reports
Low
CVE-2024-43429
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has insufficient capability checks
Low
CVE-2024-43435
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users
Low
CVE-2024-43433
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has insufficient access control
Low
CVE-2024-43430
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects"
Low
CVE-2024-43432
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
sp1 has insufficient observation of cumulative sum
Low
GHSA-8m24-3cfx-9fjw
was published
for
sp1-recursion-circuit
(Rust)
Nov 8, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low
CVE-2024-50378
was published
for
apache-airflow
(pip)
Nov 8, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Low
CVE-2024-51758
was published
for
filament/actions
(Composer)
Nov 7, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Low
CVE-2024-51755
was published
for
twig/twig
(Composer)
Nov 6, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low
CVE-2024-51754
was published
for
twig/twig
(Composer)
Nov 6, 2024
Symfony vulnerable to open redirect via browser-sanitized URLs
Low
CVE-2024-50345
was published
for
symfony/http-foundation
(Composer)
Nov 6, 2024
Symfony has an incorrect response from Validator when input ends with `\n`
Low
CVE-2024-50343
was published
for
symfony/symfony
(Composer)
Nov 6, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Low
CVE-2024-50342
was published
for
symfony/http-client
(Composer)
Nov 6, 2024
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API