Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,927 advisories

Loading
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
`ruzstd` uninit and out-of-bounds memory reads Moderate
GHSA-x3f4-45xf-rjm7 was published for ruzstd (Rust) Dec 2, 2024
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
balles skrtheboss
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s Critical
CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024
pickypg
Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024
gmcallister-r7
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024 withdrawn
ahacker1-securesaml
ibexa/post-install affected by Breach with Varnish VCL Moderate
GHSA-4h8f-c635-25p7 was published for ibexa/post-install (Composer) Dec 2, 2024
ibexa/http-cache affected by Breach with Varnish VCL Moderate
GHSA-fh7v-q458-7vmw was published for ibexa/http-cache (Composer) Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL Moderate
GHSA-mgfg-7533-7jf6 was published for ezsystems/ezplatform-http-cache (Composer) Dec 2, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern Moderate
CVE-2024-53864 was published for ibexa/admin-ui (Composer) Dec 2, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux Moderate
CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability Moderate
CVE-2024-52810 was published for @intlify/shared (npm) Dec 2, 2024
BobbieGoede
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages Moderate
CVE-2024-52806 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024
ahacker1-securesaml
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability High
CVE-2024-52596 was published for simplesamlphp/xml-common (Composer) Dec 2, 2024
ahacker1-securesaml
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect Moderate
CVE-2024-52003 was published for github.com/traefik/traefik/v2 (Go) Dec 2, 2024
kunte0
Spring Framework has Authorization Bypass for Case Sensitive Comparisons Moderate
CVE-2024-38827 was published for org.springframework:spring-beans (Maven) Dec 2, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database