GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
7,043 advisories
Filter by severity
Remote command execution in promptr
High
CVE-2024-46489
was published
for
@ifnotnowwhen/promptr
(npm)
Sep 25, 2024
Jeecg boot arbitrary file read vulnerability
High
CVE-2023-41578
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Sep 8, 2023
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
High
CVE-2023-2816
was published
for
github.com/hashicorp/consul
(Go)
Jun 3, 2023
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
High
CVE-2024-47068
was published
for
rollup
(npm)
Sep 23, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
MoinMoin improper sanitizes user profiles
High
CVE-2010-0669
was published
for
moin
(pip)
May 2, 2022
Openstack Neutron has Insufficient Verification of IPv6 addresses
High
CVE-2021-20267
was published
for
neutron
(pip)
May 24, 2022
Improper Access Control in novajoin
High
CVE-2019-10138
was published
for
novajoin
(pip)
Mar 12, 2020
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
High
CVE-2021-43854
was published
for
nltk
(pip)
Jan 6, 2022
OpenStack Nova Live migration fails to update persistent domain XML
High
CVE-2020-17376
was published
for
nova
(pip)
May 24, 2022
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
Nautobot vulnerable to remote code execution via Jinja2 template rendering
High
CVE-2023-25657
was published
for
nautobot
(pip)
Feb 22, 2023
OpensStack Neutron Denial of Service Vulnerability
High
CVE-2018-14635
was published
for
neutron
(pip)
May 13, 2022
Mistune vulnerable to catastrophic backtracking
High
CVE-2022-34749
was published
for
mistune
(pip)
Jul 26, 2022
Incorrect header handling in mod-wsgi
High
CVE-2022-2255
was published
for
mod-wsgi
(pip)
Aug 26, 2022
MoinMoin has improper default configuration
High
CVE-2010-0717
was published
for
moin
(pip)
May 2, 2022
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
High
CVE-2023-30620
was published
for
mindsdb
(pip)
Mar 30, 2023
Keycloak Open Redirect vulnerability
High
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API