GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,116 advisories
Filter by severity
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 17, 2024
Traefik affected by CVE-2024-53259
Moderate
GHSA-hxr6-2p24-hf98
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 17, 2024
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
Mattermost Race Condition vulnerability
Moderate
CVE-2024-48872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability
Moderate
CVE-2024-54083
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Data Amplification vulnerability
Moderate
CVE-2024-54682
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
D-Tale allows Remote Code Execution through the Custom Filter Input
Moderate
CVE-2024-55890
was published
for
dtale
(pip)
Dec 13, 2024
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Moderate
CVE-2024-55889
was published
for
thorsten/phpmyfaq
(Composer)
Dec 13, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate
CVE-2024-55878
was published
for
shuchkin/simplexlsx
(Composer)
Dec 12, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
CVE-2024-12401
was published
for
github.com/cert-manager/cert-manager
(Go)
Dec 12, 2024
•
withdrawn
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
kcp's impersonation allows access to global administrative groups
Moderate
GHSA-c7xh-gjv4-4jgv
was published
for
github.com/kcp-dev/kcp
(Go)
Dec 11, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
CosmWasm VM Incorrect metering
Moderate
GHSA-2q97-m5rc-p3gp
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Panic in wasmvm can slow down block production
Moderate
GHSA-vmqh-5232-v43r
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal Core Cross-Site Scripting (XSS)
Moderate
CVE-2024-12393
was published
for
drupal/core
(Composer)
Dec 10, 2024
unstructured XML External Entity (XXE)
Moderate
CVE-2024-46455
was published
for
unstructured
(pip)
Dec 9, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
CVE-2024-12369
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Moderate
CVE-2024-12224
was published
for
idna
(Rust)
Dec 9, 2024
ProTip!
Advisories are also available from the
GraphQL API