GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,108
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,664
NuGet
642
pip
3,266
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,228 advisories
Filter by severity
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High
CVE-2024-43485
was published
for
System.Text.Json
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
High
CVE-2024-43484
was published
for
System.IO.Packaging
(NuGet)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High
CVE-2024-43483
was published
for
System.IO.Packaging
(NuGet)
Oct 8, 2024
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Moderate
CVE-2024-45230
was published
for
Django
(pip)
Oct 8, 2024
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
High
CVE-2024-38229
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 8, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
CVE-2024-21533
was published
for
ggit
(npm)
Oct 8, 2024
SAP HANA Node.js client package vulnerable to Prototype Pollution
Moderate
CVE-2024-45277
was published
for
@sap/hana-client
(npm)
Oct 8, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate
CVE-2024-21532
was published
for
ggit
(npm)
Oct 8, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28710
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Moderate
CVE-2024-45932
was published
for
krayin/laravel-crm
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28709
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
CVE-2024-45292
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
CVE-2024-47818
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Moderate
CVE-2024-47817
was published
for
lara-zeus/artemis
(Composer)
Oct 7, 2024
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
CVE-2024-45060
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Moderate
CVE-2024-47847
was published
for
mediawiki/cargo
(Composer)
Oct 5, 2024
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
ProTip!
Advisories are also available from the
GraphQL API