Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,556 advisories

Loading
Karmada Tar Slips in CRDs archive extraction Moderate
CVE-2024-56514 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju Credited to zhzhuang-zju, RainbowMango, TheZ3ro, and suidpit RainbowMango RainbowMango
TheZ3ro TheZ3ro suidpit suidpit
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju Credited to zhzhuang-zju, RainbowMango, SHIRO-BAKO, suidpit, and TheZ3ro RainbowMango RainbowMango
SHIRO-BAKO SHIRO-BAKO suidpit suidpit TheZ3ro TheZ3ro
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file High
CVE-2024-56408 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
zly123987 Credited to zly123987
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen Credited to geo-chen
Narayana deadlock via multiple join requests sent to LRA Coordinator Moderate
CVE-2024-8447 was published for org.jboss.narayana.rts:lra-coordinator-jar (Maven) Jan 2, 2025
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL Credited to realArcherL
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded Moderate
CVE-2024-11184 was published for mwdelaney/wp-enable-svg (Composer) Jan 2, 2025
Rudloff Credited to Rudloff
OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation High
CVE-2024-25133 was published for github.com/openshift/hive (Go) Dec 31, 2024
magic-crypt uses insecure cryptographic algorithms Low
GHSA-gmx7-gr5q-85w5 was published for magic-crypt (Rust) Dec 30, 2024
xous has unsound usages of `core::slice::from_raw_parts` Low
GHSA-gv7f-5qqh-vxfx was published for xous (Rust) Dec 30, 2024
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php Moderate
CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024
tCu0n9 Credited to tCu0n9
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint High
CVE-2024-56734 was published for better-auth (npm) Dec 30, 2024
jamesjulich Credited to jamesjulich
Password Pusher Allows Session Token Interception Leading to Potential Hijacking Moderate
CVE-2024-56733 was published for pwpush (RubyGems) Dec 30, 2024
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 Credited to adventure8812 and r0path r0path r0path
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory Credited to exceptionfactory
Dcat Admin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2024-54774 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Dcat-Admin Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Letta (previously MemGPT) incorrect access control vulnerability High
CVE-2024-39025 was published for letta (pip) Dec 27, 2024
TunnelVision - decloaking VPNs using DHCP Moderate
GHSA-hqmp-g7ph-x543 was published for quincy (Rust) Dec 27, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus Credited to vicevirus
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database