Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,407 advisories

Loading
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts High
GHSA-wq9x-qwcq-mmgf was published for diesel (Rust) Aug 23, 2024
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w Credited to p-w
Mattermost Plugin Channel Export excessive resource consumption Moderate
CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) Aug 23, 2024
c0rydoras Credited to c0rydoras
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams High
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows guest user with read access to upload files to a channel Moderate
CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Moderate
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
memos CORS Misconfiguration in server.go (GHSL-2024-034) High
CVE-2024-41659 was published for github.com/usememos/memos (Go) Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Casdoor CORS misconfiguration (GHSL-2024-035) High
CVE-2024-41657 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan Credited to EliahKagan
Hono CSRF middleware can be bypassed using crafted Content-Type header Low
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola Credited to wataru-chocola
REXML denial of service vulnerability High
CVE-2024-43398 was published for rexml (RubyGems) Aug 22, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2 Credited to m2a2
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users Moderate
CVE-2024-8072 was published for mage-ai (pip) Aug 22, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query Moderate
GHSA-fpgj-cr28-fvpx was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
amimart Credited to amimart
CWA-2024-005: Stackoverflow in wasmd High
GHSA-g8w7-7vgg-x7xg was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
unknownfeature Credited to unknownfeature
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Moderate
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database