Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,710
NuGet
661
pip
3,361
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,673 advisories

Loading
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
Querydsl SQL/HQL injection High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 20, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers Moderate
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic High
GHSA-7225-m954-23v7 was published for cosmossdk.io/math (Go) Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
hakong ncw
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
Statamic CMS has a Path Traversal in Asset Upload Moderate
CVE-2024-52600 was published for statamic/cms (Composer) Nov 19, 2024
SamSchroderBSG
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` Low
CVE-2024-52587 was published for step-security/harden-runner (GitHub Actions) Nov 18, 2024
woodruffw
aiohttp allows request smuggling due to incorrect parsing of chunk extensions Moderate
CVE-2024-52304 was published for aiohttp (pip) Nov 18, 2024
JeppW
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method Moderate
CVE-2024-52303 was published for aiohttp (pip) Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database