GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,197 advisories
configobj ReDoS exploitable by developer using values in a server-side configuration file
Severity: Low. CVE-2023-26112 was published for configobj (pip) on Apr 3, 2023.

Concrete CMS vulnerable to Stored Cross-site Scripting
Severity: Low. CVE-2024-4353 was published for concrete5/concrete5 (Composer) on Aug 1, 2024.

Concrete CMS Stored XSS
Severity: Low. CVE-2023-49337 was published for concrete5/concrete5 (Composer) on Feb 29, 2024.

Drupal core contains a potential PHP Object Injection vulnerability
Severity: Low. CVE-2024-55636 was published for drupal/core (Composer) on Dec 10, 2024.

SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
Severity: Low. GHSA-27vq-hv74-7cqp was published for surrealdb (Rust) on Dec 16, 2024.

Mattermost Server Resource Exhaustion
Severity: Low. CVE-2024-28053 was published for github.com/mattermost/mattermost/server/v8 (Go) on Mar 15, 2024.

Mattermost Server Improper Access Control
Severity: Low. CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) on Apr 5, 2024.

Mattermost race condition
Severity: Low. CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 29, 2024.

Symfony has an incorrect response from Validator when input ends with `\n`
Severity: Low. CVE-2024-50343 was published for symfony/symfony (Composer) on Nov 6, 2024.

Magento Open Source Improper Access Control vulnerability
Severity: Low. CVE-2024-45149 was published for magento/community-edition (Composer) on Oct 10, 2024.

Possible Content Security Policy bypass in Action Dispatch
Severity: Low. CVE-2024-54133 was published for actionpack (RubyGems) on Dec 10, 2024.

lxd CA certificate sign check bypass
Severity: Low. CVE-2024-6156 was published for github.com/canonical/lxd (Go) on Dec 9, 2024.

sigstore has insufficient validation of integration timestamp during verification
Severity: Low. CVE-2024-55655 was published for sigstore (pip) on Dec 11, 2024.

Simulation of Wasmd message can cause crashing
Severity: Low. GHSA-vmg2-r3xv-r3xf was published for github.com/CosmWasm/wasmd (Go) on Dec 10, 2024.

lxd has a restricted TLS certificate privilege escalation when in PKI mode
Severity: Low. CVE-2024-6219 was published for github.com/canonical/lxd (Go) on Dec 9, 2024.

Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Severity: Low. CVE-2024-53947 was published for apache-superset (pip) on Dec 9, 2024.

shared_preferences_android vulnerability
Severity: Low. GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) on Dec 6, 2024.

Certifi removes GLOBALTRUST root certificate
Severity: Low. CVE-2024-39689 was published for certifi (pip) on Jul 5, 2024.

sigstore-java has a vulnerability with bundle verification
Severity: Low. CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) on Dec 5, 2024.

Firepad allows insecure document access
Severity: Low. CVE-2024-51210 was published for firepad (npm) on Dec 4, 2024.

Unsound usages of `std::slice::from_raw_parts`
Severity: Low. GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) on Dec 5, 2024.

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Severity: Low. CVE-2018-1000186 was published for org.jenkins-ci.plugins:ghprb (Maven) on May 14, 2022.

linkme fails to ensure slice elements match the slice's declared type
Severity: Low. GHSA-f95p-4cv5-8w8x was published for linkme (Rust) on Dec 4, 2024.

Ansible-Core vulnerable to content protections bypass
Severity: Low. CVE-2024-11079 was published for ansible-core (pip) on Nov 12, 2024.

Information Disclosure in Password Reset
Severity: Low. CVE-2020-11063 was published for typo3/cms (Composer) on May 13, 2020.
ProTip! Advisories are also available from the GraphQL API.