GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,557 advisories

Duplicate Advisory: Hard-coded credentials in org.folio:mod-remote-storage Moderate
GHSA-hv5g-q4h3-64q4 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: JavaScript execution via malicious molfiles (XSS) Moderate
GHSA-wc6f-qjxc-622v was published for de.ipb-halle:molecularfaces (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Exposure of sensitive information in ClickHouse High
GHSA-3p77-wg4c-qm24 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-gvc7-gjrw-hj65 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024 withdrawn
Credited to oscerd
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-23rx-79r7-6cpx was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-c4pg-5ggh-vcpp was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor High
GHSA-hfj8-63c8-rmfw was published for com.upokecenter:cbor (Maven) Jan 19, 2024 withdrawn
Duplicate Advisory: Session fixation in Enonic XP Critical
GHSA-4hrp-m3f2-643j was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024 withdrawn
Arbitrary Code Execution in Pillow Critical
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability High
CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) Jan 19, 2024
Credited to aphtrinh
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface High
GHSA-58j9-j2fj-v8f4 was published for surrealdb (Rust) Jan 19, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
Credited to davwwwx
JupyterLab vulnerable to SXSS in Markdown Preview Moderate
CVE-2024-22420 was published for jupyterlab (pip) Jan 19, 2024
concat built-in can corrupt memory in vyper High
CVE-2024-22419 was published for vyper (pip) Jan 19, 2024
Credited to cyberthirst and kuroi8
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft High
GHSA-qr8r-m495-7hc4 was published for github.com/cometbft/cometbft (Go) Jan 19, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
Credited to PinkDraconian and kaydoda
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Moderate
GHSA-8r5v-vm4m-4g25 was published for h2 (Rust) Jan 19, 2024
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
Credited to tomato42
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
Credited to westonsteimel
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB High
GHSA-m24x-r6q3-2vp9 was published for surrealdb (Rust) Jan 18, 2024
Credited to Tu0Laj1
Uncaught Exception in surrealdb Moderate
GHSA-jm4v-58r5-66hj was published for surrealdb (Rust) Jan 18, 2024
Credited to Tu0Laj1 and jabis
Cross-Frame Scripting vulnerability has been found on Plone CMS High
CVE-2024-0669 was published for Plone (pip) Jan 18, 2024
ProTip! Advisories are also available from the GraphQL API