Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,359
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,996 advisories

Loading
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification Critical
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd Credited to oscerd
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd Credited to oscerd
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution High
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd Credited to oscerd
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
soulseekah Credited to soulseekah
Session Token in URL in directus Low
CVE-2024-28238 was published for directus (npm) Mar 12, 2024
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar Credited to r3kumar and TAINA-AntonyBingham TAINA-AntonyBingham TAINA-AntonyBingham
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server High
CVE-2024-26164 was published for mssql-django (pip) Mar 12, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel Credited to FelixMartel, marcoroth, and matt-phylum marcoroth marcoroth
matt-phylum matt-phylum
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex High
CVE-2024-28199 was published for phlex (RubyGems) Mar 12, 2024
p8 Credited to p8, joeldrapper, and willcosgrove joeldrapper joeldrapper
willcosgrove willcosgrove
Account Takeover via Session Fixation in Zitadel [Bypassing MFA] High
CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) Mar 11, 2024
amit-laish Credited to amit-laish
1Panel is vulnerable to command injection Moderate
CVE-2024-2352 was published for github.com/1Panel-dev/1Panel (Go) Mar 10, 2024
raspap-webgui vulnerable to denial of service High
CVE-2024-28754 was published for billz/raspap-webgui (Composer) Mar 9, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie Credited to nullie
LibOSDP RMAC revert to the beginning of the session Moderate
CVE-2024-52288 was published for libosdp (pip) Mar 8, 2024
e-ot Credited to e-ot
LibOSDP vulnerable to a null pointer deref in osdp_reply_name Moderate
CVE-2024-52296 was published for libosdp (pip) Mar 8, 2024
e-ot Credited to e-ot
Django MarkdownX Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-2319 was published for django-markdownx (pip) Mar 8, 2024
JWX vulnerable to a denial of service attack using compressed JWE message Moderate
CVE-2024-28122 was published for github.com/lestrrat-go/jwx (Go) Mar 8, 2024
zer0yu Credited to zer0yu
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
zer0yu Credited to zer0yu, chenjj, hectorj2f, and vrv7567 chenjj chenjj
hectorj2f hectorj2f vrv7567 vrv7567
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro Credited to TheZ3ro
kubevirt-csi: PersistentVolume allows access to HCP's root node High
CVE-2024-1725 was published for github.com/kubevirt/csi-driver (Go) Mar 7, 2024
Grafana's users with permissions to create a data source can CRUD all data sources High
CVE-2024-1442 was published for github.com/grafana/grafana (Go) Mar 7, 2024
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext Moderate
CVE-2024-28176 was published for jose (npm) Mar 7, 2024
P3ngu1nW Credited to P3ngu1nW and panva panva panva
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters High
CVE-2024-28123 was published for wasmi (Rust) Mar 7, 2024
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database