Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
48
GitHub Actions
48
Go
3,393
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,614
Pub
13
RubyGems
1,026
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,243 advisories

Loading
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
CodeIgniter4 DoS Vulnerability High
CVE-2024-29904 was published for codeigniter4/framework (Composer) Mar 29, 2024
colethorsen Credited to colethorsen
Elasticsearch Uncaught Exception leading to crash Moderate
CVE-2024-23449 was published for org.elasticsearch:elasticsearch (Maven) Mar 29, 2024
AnonySE26 Credited to AnonySE26
Incorrect Access Control in NodeBB Moderate
CVE-2024-29316 was published for nodebb (npm) Mar 29, 2024
Podman affected by CVE-2024-1753 container escape at build time Moderate
CVE-2024-1753 was published for github.com/containers/podman/v4 (Go) Mar 28, 2024
rmcnamara-snyk Credited to rmcnamara-snyk
Serverpod improved security for stored password hashes Moderate
CVE-2024-29886 was published for serverpod_auth_server (Pub) Mar 28, 2024
Serverpod client accepts any certificate High
CVE-2024-29887 was published for serverpod_client (Pub) Mar 28, 2024
Skycoder42 Credited to Skycoder42
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno Credited to pchaigno, NikAleksandrov, iokill, and marshrayms NikAleksandrov NikAleksandrov
iokill iokill marshrayms marshrayms
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0 Credited to Th0h0
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish Credited to amit-laish, fforootd, livio-a, and adlerhurst fforootd fforootd
livio-a livio-a adlerhurst adlerhurst
ZITADEL's actions can overload reserved claims High
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn Credited to schettn, fforootd, adlerhurst, and livio-a fforootd fforootd
adlerhurst adlerhurst livio-a livio-a
domain-suffix RegEx Denial of Service High
CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
dsimk Credited to dsimk
SQL Injection vulnerability in Reportico Till High
CVE-2023-47438 was published for reportico-web/reportico (Composer) Mar 28, 2024
web3-utils Prototype Pollution vulnerability High
CVE-2024-21505 was published for web3-utils (npm) Mar 27, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Gradio's CI vulnerable to Command Injection High
CVE-2024-1540 was published for gradio (pip) Mar 27, 2024 withdrawn
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer Credited to marcelstoer
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
gradio Server-Side Request Forgery vulnerability High
CVE-2024-2206 was published for gradio (pip) Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database