GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,116 advisories
Filter by severity
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate
CVE-2024-56364
was published
for
shuchkin/simplexlsx
(Composer)
Dec 23, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Moderate
GHSA-wrw7-89jp-8q8g
was published
for
glib
(Rust)
Dec 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
libafl has unsound usages of `core::slice::from_raw_parts_mut`
Moderate
GHSA-f7qj-v3vp-4856
was published
for
libafl
(Rust)
Dec 23, 2024
Unsound usages of `u8` type casting in spl-token-swap
Moderate
GHSA-h6xm-c6r4-vmwf
was published
for
spl-token-swap
(Rust)
Dec 23, 2024
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Moderate
GHSA-3qx8-rv27-j6gp
was published
for
kvm-ioctls
(Rust)
Dec 23, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability
Moderate
GHSA-3p75-q5cc-qmj7
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 19, 2023
•
withdrawn
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55341
was published
for
Piranha
(NuGet)
Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55342
was published
for
Piranha
(NuGet)
Dec 20, 2024
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability
Moderate
CVE-2024-55471
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
Moderate
GHSA-57rh-gr4v-j5f6
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
•
withdrawn
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user
Moderate
GHSA-j9xq-j329-2xvg
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
•
withdrawn
Duplicate Advisory: Keycloak SAML signature validation flaw
Moderate
GHSA-4xx7-2cx3-x473
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
•
withdrawn
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
ProTip!
Advisories are also available from the
GraphQL API