GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,108
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,664
NuGet
642
pip
3,265
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,227 advisories
Filter by severity
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate
GHSA-vx3h-qwqw-r2wq
was published
for
inventree
(pip)
Oct 2, 2024
Duplicate Advisory: Juju makes Use of Weak Credentials
High
GHSA-phh4-3hmm-24rx
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Moderate
GHSA-fc27-7pf5-96v3
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
High
GHSA-85qf-6845-m8p2
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
CVE-2024-21530
was published
for
cocoon
(Rust)
Oct 2, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Tonic has remotely exploitable denial of service vulnerability
Moderate
CVE-2024-47609
was published
for
tonic
(Rust)
Oct 1, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl/v2
(Go)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Moderate
CVE-2024-47523
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
High
CVE-2024-47524
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Moderate
CVE-2024-47525
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Low
CVE-2024-47526
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Moderate
CVE-2024-47527
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Decidim has a cross-site scripting vulnerability in the version control page
High
CVE-2024-41673
was published
for
decidim
(RubyGems)
Oct 1, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
Pagekit Cross-site Scripting vulnerability
Moderate
CVE-2024-45967
was published
for
pagekit/pagekit
(Composer)
Oct 1, 2024
ProTip!
Advisories are also available from the
GraphQL API