GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,043 advisories

Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
Jeecg boot arbitrary file read vulnerability High
CVE-2023-41578 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Sep 8, 2023
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances High
CVE-2023-2816 was published for github.com/hashicorp/consul (Go) Jun 3, 2023
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
MoinMoin improper sanitizes user profiles High
CVE-2010-0669 was published for moin (pip) May 2, 2022
Openstack Neutron has Insufficient Verification of IPv6 addresses High
CVE-2021-20267 was published for neutron (pip) May 24, 2022
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
tomaarsen raffienficiaud
NLTK Vulnerable to REDoS High
CVE-2021-3842 was published for nltk (pip) Jan 6, 2022
OpenStack Nova Live migration fails to update persistent domain XML High
CVE-2020-17376 was published for nova (pip) May 24, 2022
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
Nautobot vulnerable to remote code execution via Jinja2 template rendering High
CVE-2023-25657 was published for nautobot (pip) Feb 22, 2023
OpenStack Neutron Denial of Service Vulnerability High
CVE-2018-14635 was published for neutron (pip) May 13, 2022
OpenStack Mistral DoS High
CVE-2018-16848 was published for mistral (pip) May 24, 2022
Mistune vulnerable to catastrophic backtracking High
CVE-2022-34749 was published for mistune (pip) Jul 26, 2022
sersorrel
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
MoinMoin has improper default configuration High
CVE-2010-0717 was published for moin (pip) May 2, 2022
mindsdb arbitrary file write when extracting a remotely retrieved Tarball High
CVE-2023-30620 was published for mindsdb (pip) Mar 30, 2023
Sim4n6
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API