Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,361
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,998 advisories

Loading
Pterodactyl Wings vulnerable to improper isolation of server file access Critical
CVE-2024-27102 was published for github.com/pterodactyl/wings (Go) Mar 15, 2024
KurtThiemann Credited to KurtThiemann, aft2d, and matthewpi aft2d aft2d
matthewpi matthewpi
vantage6 vulnerable to a username timing attack on recover password/MFA token Moderate
CVE-2024-24770 was published for vantage6 (pip) Mar 15, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z Credited to zhang-x-z
Users with `create` but not `override` privileges can perform local sync Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
crenshaw-dev Credited to crenshaw-dev
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-rt-databinding-aegis (Maven) Mar 15, 2024
johnament Credited to johnament
Mattermost Server Resource Exhaustion Low
CVE-2024-28053 was published for github.com/mattermost/mattermost-server (Go) Mar 15, 2024
Insecure Variable Substitution in Vela High
CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024
gdiepen Credited to gdiepen
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Server-Side Request Forgery vulnerability Critical
CVE-2024-22205 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Critical
CVE-2024-22203 was published for whoogle-search (pip) Mar 14, 2024
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
follow-redirects' Proxy-Authorization header kept across hosts Moderate
CVE-2024-28849 was published for follow-redirects (npm) Mar 14, 2024
4xpl0r3r Credited to 4xpl0r3r and RDIL RDIL RDIL
Apache Airflow: Ignored Airflow Permission Moderate
CVE-2024-28746 was published for apache-airflow (pip) Mar 14, 2024
oscerd Credited to oscerd
Bagisto vulnerable to Insecure Direct Object Reference (IDOR) Moderate
CVE-2023-36238 was published for bagisto/bagisto (Composer) Mar 13, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel Credited to westonsteimel
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd Credited to oscerd and westonsteimel westonsteimel westonsteimel
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding Moderate
CVE-2024-1765 was published for quiche (Rust) Mar 13, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann Credited to marten-seemann
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login Credited to The-Login
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki Credited to ZuhairORZaki
In Quarkus, git credentials could be inadvertently published Low
CVE-2024-1979 was published for io.quarkus:quarkus-kubernetes-deployment (Maven) Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database