Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,904
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,918 advisories

Loading
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
oscerd
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-8fx8-3rg2-79xw was published for camaleon_cms (RubyGems) Sep 23, 2024
Ouch! allows a segmentation fault due to use of uninitialized memory Moderate
GHSA-2wq5-g96f-mv3v was published for ouch (Rust) Sep 23, 2024
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
Keycloak Open Redirect vulnerability Moderate
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS Moderate
GHSA-84jw-g43v-8gjm was published for @rspack/core (npm) Sep 19, 2024
jackfromeast ishmeals
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation Moderate
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Directus vulnerable to SSRF Loopback IP filter bypass Moderate
CVE-2024-46990 was published for @directus/api (npm) Sep 18, 2024
r3dpower
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-r9cr-qmfw-pmrc was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions Moderate
CVE-2024-46978 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
floerer
Keycloak Services has a potential bypass of brute force protection Moderate
CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection Moderate
CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block Moderate
CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024
heap-buffer-overflow in MicroPython Moderate
CVE-2024-8948 was published for micropython-copy (pip) Sep 17, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability Moderate
CVE-2024-45816 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability Moderate
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate
CVE-2024-45812 was published for vite (npm) Sep 17, 2024
jackfromeast ishmeals
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database