GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,574 advisories
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Severity: High. CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) on Jan 24, 2024.
Apache Airflow: pickle deserialization vulnerability in XComs
Severity: High. CVE-2023-50943 was published for apache-airflow (pip) on Jan 24, 2024.
Apache Airflow: Bypass permission verification to read code of other dags
Severity: High. CVE-2023-50944 was published for apache-airflow (pip) on Jan 24, 2024.
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Severity: Moderate. CVE-2023-51702 was published for apache-airflow (pip) on Jan 24, 2024.
Sending a GET or HEAD request with a body crashes SvelteKit
Severity: High. CVE-2024-23641 was published for @sveltejs/adapter-node (npm) on Jan 24, 2024.
Cross-site Scripting Vulnerability on Data Import
Severity: Moderate. CVE-2024-23633 was published for label-studio (pip) on Jan 24, 2024.
Cross-site Scripting Vulnerability on Avatar Upload
Severity: High. CVE-2023-47115 was published for label-studio (pip) on Jan 24, 2024.
Cross-site Scripting in JFinal
Severity: Moderate. CVE-2024-22497 was published for com.jfinal:jfinal (Maven) on Jan 23, 2024.
Use-after-free when setting the locale
Severity: Moderate. GHSA-c8v3-jhv9-4ppc was published for rust-i18n-support (Rust) on Jan 23, 2024.
Remote Command Execution in SOFARPC
Severity: Critical. CVE-2024-23636 was published for com.alipay.sofa:rpc-sofa-boot-starter (Maven) on Jan 23, 2024.
No permission checks for editing/deleting records with CSV import form
Severity: Moderate. CVE-2023-49783 was published for silverstripe/admin (Composer) on Jan 23, 2024.
Cross-site Scripting in beetl-bbs
Severity: Moderate. CVE-2024-22490 was published for com.ibeetl:beetl (Maven) on Jan 23, 2024.
Cross-site Scripting in JFinal
Severity: Moderate. CVE-2024-22496 was published for com.jfinal:jfinal (Maven) on Jan 23, 2024.
Cross-site Scripting in Apache superset
Severity: Critical. CVE-2023-49657 was published for apache-superset (pip) on Jan 23, 2024.
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Severity: High. CVE-2024-23345 was published for nautobot (pip) on Jan 23, 2024.
keycloak-core: open redirect via "form_post.jwt" JARM response mode
Severity: Moderate. CVE-2023-6927 was published for org.keycloak:keycloak-core (Maven) on Jan 23, 2024.
Unsound sending of non-Send types across threads in threadalone
Severity: Moderate. GHSA-w59h-378f-2frm was published for threadalone (Rust) on Jan 23, 2024.
Prototype pollution not blocked by object-path related utilities in hoolock
Severity: Moderate. CVE-2024-23339 was published for hoolock (npm) on Jan 23, 2024.
@hono/node-server cannot handle "double dots" in URL
Severity: Moderate. CVE-2024-23340 was published for @hono/node-server (npm) on Jan 23, 2024.
changedetection.io API endpoint is not secured with API token
Severity: Low. CVE-2024-23329 was published for changedetection.io (pip) on Jan 23, 2024.
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Severity: Moderate. CVE-2023-48714 was published for silverstripe/framework (Composer) on Jan 23, 2024.
View permissions are bypassed for paginated lists of ORM data
Severity: Moderate. CVE-2023-44401 was published for silverstripe/graphql (Composer) on Jan 23, 2024.
Minerva timing attack on P-256 in python-ecdsa
Severity: High. CVE-2024-23342 was published for ecdsa (pip) on Jan 22, 2024.
html injection vulnerability in the `tuitse_html` function.
Severity: Moderate. CVE-2024-23341 was published for TuiTse-TsuSin (pip) on Jan 22, 2024.
Multiple issues involving quote API in shlex
Severity: Low. CVE-2024-58266 was published for shlex (Rust) on Jan 22, 2024.
ProTip! Advisories are also available from the GraphQL API.