GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,408 advisories

Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
Credited to oscerd
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
Credited to oscerd
Cross site scripting in Concrete CMS Moderate
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Moderate
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-9148 was published for flowise (npm) Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
Credited to oscerd
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
Credited to weddige
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
Credited to jackfromeast and ishmeals
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-8fx8-3rg2-79xw was published for camaleon_cms (RubyGems) Sep 23, 2024
Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-3hp8-6j24-m5gm was published for camaleon_cms (RubyGems) Sep 23, 2024 withdrawn
Credited to postmodern
Ouch! allows a segmentation fault due to use of uninitialized memory Moderate
GHSA-2wq5-g96f-mv3v was published for ouch (Rust) Sep 23, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Moderate
CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024
Credited to a1loy
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
Credited to flylzj
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
Credited to flylzj
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
Credited to m3t3kh4n
HTTP Request Smuggling in ruby webrick High
CVE-2024-47220 was published for webrick (RubyGems) Sep 22, 2024
Credited to renatolond and bermannoah
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
Credited to whu-lyft, meng-han, alejandroroiz, achantavy, heryxpc, anshumanbh, bstewart-lyft, and reindaelman
Navidrome has Multiple SQL Injections and ORM Leak Critical
CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) Sep 20, 2024
Credited to snyff
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
Duplicate Advisory: Keycloak Open Redirect vulnerability High
GHSA-vvf8-2h68-9475 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024 withdrawn