GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,201 advisories
Filter by severity
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Apache Hadoop: Temporary File Local Information Disclosure
Low
CVE-2024-23454
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Sep 25, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-8291
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-7398
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Low
CVE-2024-45537
was published
for
org.apache.druid:druid
(Maven)
Sep 17, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low
CVE-2024-45384
was published
for
org.apache.druid.extensions:druid-pac4j
(Maven)
Sep 17, 2024
lexical-core has multiple soundness issues
Low
GHSA-2326-pfpj-vx3h
was published
for
lexical-core
(Rust)
Sep 16, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Low
CVE-2024-45835
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
send vulnerable to template injection that can lead to XSS
Low
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Low
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Low
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8372
was published
for
angular
(npm)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
Path traversal vulnerability in stripe-cli
Low
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low
CVE-2024-45395
was published
for
github.com/sigstore/sigstore-go
(Go)
Sep 4, 2024
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
CometBFT's state syncing validator from malicious node may lead to a chain split
Low
GHSA-g5xx-c4hv-9ccc
was published
for
github.com/cometbft/cometbft
(Go)
Sep 3, 2024
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Low
CVE-2023-23611
was published
for
lti-consumer-xblock
(pip)
Aug 30, 2024
freewvs vulnerable to denial of service through large files
Low
CVE-2020-15100
was published
for
freewvs
(pip)
Aug 30, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
gitoxide-core does not neutralize special characters for terminals
Low
CVE-2024-43785
was published
for
gitoxide
(Rust)
Aug 22, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Low
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors
Low
CVE-2024-43379
was published
for
github.com/trufflesecurity/trufflehog/v3
(Go)
Aug 19, 2024
Silverpeas vulnerable to password complexity rule bypass
Low
CVE-2024-42850
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Aug 16, 2024
ProTip!
Advisories are also available from the
GraphQL API