Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,678 advisories

Loading
Cross Site Scripting vulnerability in Snipe-IT High
CVE-2024-51093 was published for snipe/snipe-it (Composer) Nov 12, 2024
Zoraxy has an authenticated command injection in the Web SSH feature High
CVE-2024-52010 was published for github.com/tobychui/zoraxy (Go) Nov 12, 2024
n-thumann
Mimalloc Can Allocate Memory with Bad Alignment Moderate
GHSA-g23h-7vf9-xc25 was published for mimalloc (Rust) Nov 12, 2024
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse Moderate
GHSA-pqpw-89w5-82v5 was published for simd-json-derive (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
`fast-float` has multiple soundness issues Low
GHSA-x8jh-xj3x-gx3c was published for fast-float (Rust) Nov 12, 2024
Orchid Platform has Method Exposure Vulnerability in Modals Moderate
CVE-2024-51992 was published for orchid/platform (Composer) Nov 12, 2024
catferq
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
Denial of Service attack on windows app using netty High
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR
Decidim-Awesome has SQL injection in AdminAccountability High
CVE-2024-43415 was published for decidim-decidim_awesome (RubyGems) Nov 12, 2024
whotwagner
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability Critical
GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability High
GHSA-wmm6-pgp8-29hg was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
powertac-server XML External Entity vulnerability High
CVE-2024-51135 was published for org.powertac:server-interface (Maven) Nov 11, 2024
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle admin presets export tool includes some secrets that should not be exported Low
CVE-2024-43427 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient capability checks Low
CVE-2024-43435 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient access control Low
CVE-2024-43430 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database