Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
48
Go
3,399
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,618
Pub
13
RubyGems
1,026
Rust
1,205
Swift
52
Unreviewed advisories
All unreviewed
5,000+

28,315 advisories

Loading
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms Moderate
CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret Credited to Eventyret, iarce-qb, derrickmehaffy, Convly, innerdvations, and alexandrebodin iarce-qb iarce-qb
derrickmehaffy derrickmehaffy Convly Convly innerdvations innerdvations alexandrebodin alexandrebodin
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling Moderate
CVE-2024-31217 was published for @strapi/plugin-upload (npm) Jun 12, 2024
CxDavidepaalte Credited to CxDavidepaalte, derrickmehaffy, Marc-Roig, and alexandrebodin derrickmehaffy derrickmehaffy
Marc-Roig Marc-Roig alexandrebodin alexandrebodin
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt Credited to felixdkatt, derrickmehaffy, Bassel17, and christiancp100 derrickmehaffy derrickmehaffy
Bassel17 Bassel17 christiancp100 christiancp100
SummerNote Cross Site Scripting Vulnerability Moderate
CVE-2024-37629 was published for summernote (npm) Jun 12, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk Credited to minrk, yuvipanda, and manics yuvipanda yuvipanda
manics manics
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability High
CVE-2024-36263 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq Credited to dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection High
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras Credited to c0rydoras
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
Azure Storage Movement Client Library Denial of Service Vulnerability High
CVE-2024-35252 was published for Microsoft.Azure.Storage.DataMovement (NuGet) Jun 11, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie Credited to scottaddie and localden localden localden
@grpc/grpc-js can allocate memory for incoming messages well above configured limits Moderate
CVE-2024-37168 was published for @grpc/grpc-js (npm) Jun 10, 2024
jhump Credited to jhump
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal Credited to lirantal
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid Credited to martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl Credited to haqpl
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr Credited to LevanaXr and ssst0n3 ssst0n3 ssst0n3
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database