GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,944 advisories
Filter by severity
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
High
CVE-2024-23945
was published
for
org.apache.hive:hive-service
(Maven)
Dec 23, 2024
SQL injection in Apache Traffic Control
Critical
CVE-2024-45387
was published
for
github.com/apache/trafficcontrol/v8
(Go)
Dec 23, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate
CVE-2024-56364
was published
for
shuchkin/simplexlsx
(Composer)
Dec 23, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
Remote Command Execution in file editing in gogs
High
CVE-2024-54148
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Path Traversal in file update API in gogs
High
CVE-2024-55947
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs has an argument Injection in the built-in SSH server
Critical
CVE-2024-39930
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument Injection when tagging new releases
High
CVE-2024-39933
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930
Critical
GHSA-p69r-v3h4-rj4f
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Critical
GHSA-hf29-9hfh-w63j
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows deletion of internal files
Critical
GHSA-2vgj-3pvg-xh4w
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release
High
GHSA-8mm6-wmpp-mmm3
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Moderate
GHSA-wrw7-89jp-8q8g
was published
for
glib
(Rust)
Dec 23, 2024
Navidrome Stores JWT Secret in Plaintext in navidrome.db
High
CVE-2024-56362
was published
for
github.com/navidrome/navidrome
(Go)
Dec 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
libafl has unsound usages of `core::slice::from_raw_parts_mut`
Moderate
GHSA-f7qj-v3vp-4856
was published
for
libafl
(Rust)
Dec 23, 2024
Unsound usages of `u8` type casting in spl-token-swap
Moderate
GHSA-h6xm-c6r4-vmwf
was published
for
spl-token-swap
(Rust)
Dec 23, 2024
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Moderate
GHSA-3qx8-rv27-j6gp
was published
for
kvm-ioctls
(Rust)
Dec 23, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
cosmossdk.io/x/tx
(Go)
Dec 16, 2024
ProTip!
Advisories are also available from the
GraphQL API