Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,412
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,649
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,430 advisories

Loading
angular-base64-upload vulnerable to unauthenticated remote code execution Critical
CVE-2024-42640 was published for angular-base64-upload (npm) Oct 11, 2024
rvizx Credited to rvizx
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc Credited to buglloc and cmaglie cmaglie cmaglie
DOMpurify has a nesting-based mXSS High
CVE-2024-47875 was published for dompurify (npm) Oct 11, 2024
bastien-roucaries Credited to bastien-roucaries and eslerm eslerm eslerm
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml Credited to ahacker1-securesaml
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10 Credited to jdong10 and RisingZero RisingZero RisingZero
Snipe-IT remote code execution High
CVE-2024-48987 was published for snipe/snipe-it (Composer) Oct 11, 2024
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py Low
CVE-2024-6971 was published for lollms (pip) Oct 11, 2024
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list Low
GHSA-26jh-r8g2-6fpr was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files Moderate
CVE-2024-47872 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio has a race condition in update_root_in_config may redirect user traffic High
CVE-2024-47870 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio performs a non-constant-time comparison when comparing hashes Moderate
CVE-2024-47869 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio lacks integrity checking on the downloaded FRP client High
CVE-2024-47867 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio vulnerable to SSRF in the path parameter of /queue/join Moderate
CVE-2024-47167 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio has a one-level read path traversal in `/custom_component` Moderate
CVE-2024-47166 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
westonsteimel Credited to westonsteimel
Gradio's `is_in_or_equal` function may be bypassed Moderate
CVE-2024-47164 was published for gradio (pip) Oct 10, 2024
Vasco-jofra Credited to Vasco-jofra and ahpaleus ahpaleus ahpaleus
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Alist reflected Cross-Site Scripting vulnerability Moderate
CVE-2024-47067 was published for github.com/alist-org/alist/v3 (Go) Oct 10, 2024
Authd allows attacker-controlled usernames to yield controllable UIDs Moderate
CVE-2024-9312 was published for github.com/ubuntu/authd (Go) Oct 10, 2024
nicoonoclaste Credited to nicoonoclaste, AstraLuma, and gebi AstraLuma AstraLuma
gebi gebi
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality High
CVE-2024-38365 was published for github.com/btcsuite/btcd (Go) Oct 10, 2024
darosior Credited to darosior and dergoegge dergoegge dergoegge
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45133 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database