Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,101 advisories

Loading
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction High
CVE-2024-32480 was published for librenms/librenms (Composer) Apr 22, 2024
sco4x0 Credited to sco4x0
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337 Credited to rook1337
LibreNMS vulnerable to SQL injection time-based leads to database extraction High
CVE-2024-32461 was published for librenms/librenms (Composer) Apr 22, 2024
Louhan-dev Credited to Louhan-dev
JADX file override vulnerability Low
GHSA-hvp5-5x4f-33fq was published for io.github.skylot:jadx-core (Maven) Apr 22, 2024
Cl0udG0d Credited to Cl0udG0d
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
ezrizhu Credited to ezrizhu
Ant Media Server vulnerable to a local privilege escalation High
CVE-2024-32656 was published for io.antmedia:ant-media-server (Maven) Apr 22, 2024
UNC1739 Credited to UNC1739
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Low
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb Credited to ericwb
Apache Answer: XSS vulnerability when changing personal website Moderate
CVE-2024-29217 was published for github.com/apache/incubator-answer (Go) Apr 21, 2024
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin Credited to bayandin
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed High
CVE-2024-32652 was published for @hono/node-server (npm) Apr 19, 2024
Denial of Service Vulnerability in Rustls Library High
CVE-2024-32650 was published for rustls (Rust) Apr 19, 2024
Taowyoo Credited to Taowyoo, arai-fortanix, jjfiv, and s-arash arai-fortanix arai-fortanix
jjfiv jjfiv s-arash s-arash
TCPDF vulnerable to Regular Expression Denial of Service Moderate
CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) Apr 19, 2024
Starfox64 Credited to Starfox64
Enabling Authentication does not close all logged in socket connections immediately Low
GHSA-23q2-5gf8-gjpp was published for uptime-kuma (npm) Apr 19, 2024
IPv6 enabled on IPv4-only network interfaces Moderate
CVE-2024-32473 was published for github.com/docker/docker (Go) Apr 18, 2024
robmry Credited to robmry, corhere, gabriellavengeo, and akerouanton corhere corhere
gabriellavengeo gabriellavengeo akerouanton akerouanton
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp Credited to lluuaapp
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992 Credited to saimanikanta1992
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark Credited to arkark and bdraco bdraco bdraco
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Prototype pollution in emit function Low
GHSA-82jv-9wjw-pqh6 was published for derby (npm) Apr 17, 2024
chluo1997 Credited to chluo1997
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database