Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,361
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,998 advisories

Loading
Intermittent HTTP policy bypass High
CVE-2024-28248 was published for github.com/cilium/cilium (Go) Mar 18, 2024
sayboras Credited to sayboras
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi Credited to jacopotediosi
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 Credited to nadava669, pasha-codefresh, crenshaw-dev, todaywasawesome, and jannfis pasha-codefresh pasha-codefresh
crenshaw-dev crenshaw-dev todaywasawesome todaywasawesome jannfis jannfis
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) Mar 18, 2024
nadava669 Credited to nadava669, todaywasawesome, crenshaw-dev, jannfis, and pasha-codefresh todaywasawesome todaywasawesome
crenshaw-dev crenshaw-dev jannfis jannfis pasha-codefresh pasha-codefresh
RCE in TranformGraph().to_dot_graph function High
CVE-2023-41334 was published for astropy (pip) Mar 18, 2024
u32i Credited to u32i
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath Credited to G-Rath
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 Credited to nadava669, pasha-codefresh, jannfis, crenshaw-dev, and todaywasawesome pasha-codefresh pasha-codefresh
jannfis jannfis crenshaw-dev crenshaw-dev todaywasawesome todaywasawesome
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
FitNesse Cross-site Scripting vulnerability Moderate
CVE-2024-28128 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
FitNesse allows execution of arbitrary OS commands Critical
CVE-2024-28125 was published for org.fitnesse:fitnesse (Maven) Mar 18, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Improper Privilege Management in djangorestframework-simplejwt Low
CVE-2024-22513 was published for djangorestframework-simplejwt (pip) Mar 16, 2024
r3kumar Credited to r3kumar and dmdhrumilmistry dmdhrumilmistry dmdhrumilmistry
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi Credited to yoshizawa-masatoshi
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131 Credited to MarkLee131
CLI for Vela Insecure Variable Substitution High
GHSA-4jhj-3gv3-c3gr was published for github.com/go-vela/cli (Go) Mar 15, 2024
gdiepen Credited to gdiepen
Golang SDK for Vela Insecure Variable Substitution High
GHSA-v8mx-hp2q-gw85 was published for github.com/go-vela/sdk-go (Go) Mar 15, 2024
gdiepen Credited to gdiepen
Server/API for Vela Insecure Variable Substitution High
GHSA-69p4-j5v5-x234 was published for github.com/go-vela/server (Go) Mar 15, 2024
gdiepen Credited to gdiepen
Types for Vela Insecure Variable Substitution High
GHSA-7v38-w32m-wx4m was published for github.com/go-vela/types (Go) Mar 15, 2024
gdiepen Credited to gdiepen
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate Credited to conradludgate
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Ry0taK Credited to Ry0taK, agaudreault, and crenshaw-dev agaudreault agaudreault
crenshaw-dev crenshaw-dev
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka Credited to mirek-kopacka, birojnayak, and mconnew birojnayak birojnayak
mconnew mconnew
fgr Vulnerable to Insecure Default Variable Initialization Low
GHSA-879p-8gw4-mcpw was published for fgr (pip) Mar 15, 2024
dan1hc Credited to dan1hc
Nuclei allows unsigned code template execution through workflows High
CVE-2024-27920 was published for github.com/projectdiscovery/nuclei/v3 (Go) Mar 15, 2024
RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php` Moderate
CVE-2024-2497 was published for billz/raspap-webgui (Composer) Mar 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database