GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,344 advisories

github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
Absent Input Validation in BinaryHttpParser High
CVE-2024-40642 was published for io.netty.incubator:netty-incubator-codec-bhttp (Maven) Jul 18, 2024
Credited to shombo
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Kubernetes sets incorrect permissions on Windows containers logs High
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
Credited to hyperreality
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
Credited to kmichel-aiven and cgurnik
Credited to dkasak and poljar
gix-path can use a fake program files location High
CVE-2024-40644 was published for gix-path (Rust) Jul 18, 2024
Credited to EliahKagan
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources Moderate
CVE-2024-39900 was published for org.opensearch.plugin:opensearch-reports-scheduler (Maven) Jul 18, 2024
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
Credited to xuebibibibibi
Apache StreamPark: FreeMarker SSTI RCE Vulnerability High
CVE-2024-29178 was published for org.apache.streampark:streampark (Maven) Jul 18, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39125 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39126 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39124 was published for roundup (pip) Jul 17, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows High
CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024
Credited to Ovi3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material Moderate
CVE-2024-40640 was published for vodozemac (Rust) Jul 17, 2024
BlastRADIUS also affects eduMFA Moderate
GHSA-vhmj-5q9r-mm9g was published for edumfa (pip) Jul 17, 2024
Credited to Janfred and sklemer1
Silverstripe uses TinyMCE which allows svg files linked in object tags Moderate
GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) Jul 17, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
Credited to brabster
Apache StreamPark: Information leakage vulnerability Moderate
CVE-2024-29120 was published for org.apache.streampark:streampark (Maven) Jul 17, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file Moderate
CVE-2024-6833 was published for @zowe/cli (npm) Jul 17, 2024
Eclipse Parsson stack overflow when parsing deeply nested input Critical
CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024