GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Moodle has insufficient capability checks
Low
CVE-2024-43435
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Low
GHSA-66fw-43h8-f8p3
was published
for
xmp_toolkit
(Rust)
Jul 26, 2024
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend
High
CVE-2024-34694
was published
for
lnbits
(pip)
Jun 17, 2024
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Mattermost crashes web clients via a malformed custom status
Moderate
CVE-2024-4182
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Moderate
CVE-2024-23650
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
Mattermost denial of service vulnerability
Moderate
CVE-2023-5967
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
Electron context isolation bypass via nested unserializable return value
Moderate
CVE-2023-29198
was published
for
electron
(npm)
Sep 6, 2023
json2xml Uncaught Exception vulnerability
High
CVE-2022-25024
was published
for
json2xml
(pip)
Aug 23, 2023
Feathers socket handler allows abusing implicit toString
High
CVE-2023-37899
was published
for
@feathersjs/socketio
(npm)
Jul 20, 2023
Shopware improper mail validation vulnerability
Moderate
CVE-2023-34099
was published
for
shopware/shopware
(Composer)
Jun 28, 2023
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Moderate
CVE-2023-34449
was published
for
ink
(Rust)
Jun 14, 2023
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
ProTip!
Advisories are also available from the
GraphQL API