GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:

| Ecosystem | Reviewed advisories |
| All reviewed | 5,000+ |
| Composer | 4,273 |
| Erlang | 31 |
| GitHub Actions | 21 |
| Go | 2,055 |
| Maven | 5,000+ |
| npm | 3,739 |
| NuGet | 668 |
| pip | 3,417 |
| Pub | 12 |
| RubyGems | 891 |
| Rust | 872 |
| Swift | 36 |

Unreviewed advisories (all ecosystems): 5,000+
9,116 advisories
| Advisory | Severity | Package (ecosystem) | Published | Title |
| GHSA-mgfg-7533-7jf6 | Moderate | ezsystems/ezplatform-http-cache (Composer) | Dec 2, 2024 | ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL |
| CVE-2024-53865 | Moderate | zhmcclient (pip) | Dec 2, 2024 | Python package "zhmcclient" stores passwords in clear text in its HMC and API logs |
| CVE-2024-53864 | Moderate | ibexa/admin-ui (Composer) | Dec 2, 2024 | Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern |
| CVE-2024-53848 | Moderate | check-jsonschema (pip) | Dec 2, 2024 | check-jsonschema default caching for remote schemas allows for cache confusion |
| CVE-2024-53259 | Moderate | github.com/quic-go/quic-go (Go) | Dec 2, 2024 | quic-go affected by an ICMP Packet Too Large Injection Attack on Linux |
| CVE-2024-52810 | Moderate | @intlify/shared (npm) | Dec 2, 2024 | @intlify/shared Prototype Pollution vulnerability |
| CVE-2024-52809 | Moderate | @intlify/core (npm) | Dec 2, 2024 | vue-i18n has cross-site scripting vulnerability with prototype pollution |
| CVE-2024-52806 | Moderate | simplesamlphp/saml2 (Composer) | Dec 2, 2024 | SimpleSAMLphp SAML2 has an XXE in parsing SAML messages |
| CVE-2024-52801 | Moderate | github.com/drakkan/sftpgo/v2 (Go) | Dec 2, 2024 | sftpgo vulnerable to brute force takeover of OpenID Connect session cookies |
| CVE-2024-52003 | Moderate | github.com/traefik/traefik/v2 (Go) | Dec 2, 2024 | Traefik's X-Forwarded-Prefix Header still allows for Open Redirect |
| CVE-2024-38827 | Moderate | org.springframework:spring-beans (Maven) | Dec 2, 2024 | Spring Framework has Authorization Bypass for Case Sensitive Comparisons |
| CVE-2024-36611 | Moderate | symfony/security-http (Composer) | Nov 29, 2024 | Withdrawn Advisory: Symfony http-security has authentication bypass (withdrawn) |
| CVE-2024-36620 | Moderate | github.com/moby/moby (Go) | Nov 29, 2024 | NULL Pointer Dereference on moby image history |
| CVE-2024-39162 | Moderate | pyspider (pip) | Nov 29, 2024 | pyspider Cross-site Scripting vulnerability |
| CVE-2024-53858 | Moderate | github.com/cli/cli/v2 (Go) | Nov 27, 2024 | Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts |
| CVE-2024-53859 | Moderate | github.com/cli/go-gh (Go) | Nov 27, 2024 | `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace |
| CVE-2024-11862 | Moderate | Devolutions.XTS.NET (NuGet) | Nov 27, 2024 | Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications |
| CVE-2024-54004 | Moderate | aendter.jenkins.plugins:filesystem-list-parameter-plugin (Maven) | Nov 27, 2024 | Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability |
| CVE-2024-8676 | Moderate | github.com/cri-o/cri-o (Go) | Nov 26, 2024 | CRI-O: Maliciously structured checkpoint file can gain arbitrary node access |
| CVE-2024-43784 | Moderate | github.com/treeverse/lakefs (Go) | Nov 26, 2024 | Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion |
| CVE-2024-51058 | Moderate | tecnickcom/tcpdf (Composer) | Nov 26, 2024 | TCPDF Local File Inclusion vulnerability |
| CVE-2024-53843 | Moderate | @dapperduckling/keycloak-connector-server (npm) | Nov 26, 2024 | @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling |
| CVE-2024-53267 | Moderate | dev.sigstore:sigstore-java (Maven) | Nov 26, 2024 | sigstore-java has vulnerability with bundle verification |
| CVE-2024-9666 | Moderate | org.keycloak:keycloak-quarkus-server (Maven) | Nov 25, 2024 | Keycloak proxy header handling Denial-of-Service (DoS) vulnerability |
| CVE-2024-52529 | Moderate | github.com/cilium/cilium (Go) | Nov 25, 2024 | Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges |
Advisories are also available from the GraphQL API.