Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation High
CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Credited to n-thumann
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
Credited to chen-robert
vyper performs double eval of the slice start/length args in certain cases Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
Credited to cyberthirst
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Magento Open Source allows Improper Input Validation High
CVE-2024-20758 was published for magento/community-edition (Composer) Apr 10, 2024
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Credited to oscerd
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Credited to oscerd
Apache Zeppelin: Denial of service with invalid notebook name Moderate
CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability Moderate
CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Temporal Server Denial of Service Moderate
CVE-2024-2689 was published for github.com/temporalio/temporal (Go) Apr 4, 2024
Concrete CMS Stored XSS in blocks of type file Low
CVE-2024-3180 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS in the Search Field Low
CVE-2024-3181 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing Low
CVE-2024-3179 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS on the calendar color settings screen Low
CVE-2024-2753 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter Low
CVE-2024-3178 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Cache Poisoning Vulnerability Moderate
CVE-2024-29042 was published for translate (npm) Mar 22, 2024
PinkDraconian
Credited to PinkDraconian
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API Moderate
CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
sikeoka
Credited to sikeoka
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
Credited to sikeoka
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Credited to mtrezza and EhsanParsania
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database