Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,615
Maven
5,000+
npm
5,000+
NuGet
925
pip
4,835
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,445 advisories

Loading
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
cx-raphael-silva Credited to cx-raphael-silva and RaphaelCSSilva RaphaelCSSilva RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
cx-raphael-silva Credited to cx-raphael-silva and RaphaelCSSilva RaphaelCSSilva RaphaelCSSilva
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact High
CVE-2024-47534 was published for github.com/theupdateframework/go-tuf/v2 (Go) Oct 1, 2024
AdamKorcz Credited to AdamKorcz and mamccorm mamccorm mamccorm
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
git-shallow-clone Argument Injection vulnerability Moderate
CVE-2024-21531 was published for git-shallow-clone (npm) Oct 1, 2024
dsimk Credited to dsimk
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair Credited to BlankEclair
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon Credited to UlisesGascon, ctcpip, AdamKorcz, and blakeembrey ctcpip ctcpip
AdamKorcz AdamKorcz blakeembrey blakeembrey
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz Credited to c-schmitz and dregad dregad dregad
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 Credited to Quasar0147, dronex7070, d-maurer, dataflake, and icemac dronex7070 dronex7070
d-maurer d-maurer dataflake dataflake icemac icemac
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer Credited to streichsbaer
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Moderate
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ Credited to sv-LayZ, danharrin, and sunnypatell danharrin danharrin
sunnypatell sunnypatell
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n Credited to m3t3kh4n
Inefficient Regular Expression Complexity in langflow Moderate
CVE-2024-9277 was published for langflow (pip) Sep 27, 2024
m3t3kh4n Credited to m3t3kh4n
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
westonsteimel Credited to westonsteimel and cipherboy cipherboy cipherboy
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload Low
CVE-2024-47171 was published for agnai (npm) Sep 26, 2024
ropwareJB Credited to ropwareJB and noe233 noe233 noe233
Agnai File Disclosure Vulnerability: JSON via Path Traversal Low
CVE-2024-47170 was published for agnai (npm) Sep 26, 2024
ropwareJB Credited to ropwareJB and noe233 noe233 noe233
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB Credited to ropwareJB and noe233 noe233 noe233
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting Moderate
CVE-2024-47075 was published for layui (npm) Sep 26, 2024
jackfromeast Credited to jackfromeast and ishmeals ishmeals ishmeals
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials Moderate
CVE-2024-45042 was published for github.com/ory/kratos (Go) Sep 26, 2024
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131 Credited to ssshah2131
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database