Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,615
Maven
5,000+
npm
5,000+
NuGet
925
pip
4,835
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,445 advisories

Loading
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger Credited to Xiqinger
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped Moderate
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer Credited to fkropfhamer
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
node-gettext vulnerable to Prototype Pollution High
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
ThinkPHP deserialization vulnerability Critical
CVE-2024-44902 was published for topthink/framework (Composer) Sep 9, 2024
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date Moderate
GHSA-57rh-gr4v-j5f6 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024 withdrawn
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst Credited to stianst
Twig has a possible sandbox bypass Moderate
CVE-2024-45411 was published for twig/twig (Composer) Sep 9, 2024
fabpot Credited to fabpot and stof stof stof
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey Credited to blakeembrey, ctcpip, uniabis, stbenjam, pseudoralph, mschfh, jusemon, panva, alenovik, and jaydeep-bypt ctcpip ctcpip
uniabis uniabis stbenjam stbenjam pseudoralph pseudoralph mschfh mschfh jusemon jusemon panva panva alenovik alenovik jaydeep-bypt jaydeep-bypt
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04 Credited to amame04
Httpful is Missing Certificate Validation Moderate
GHSA-gcfg-hmwx-wq5h was published for nategood/httpful (Composer) Sep 9, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024
Marven11 Credited to Marven11
External Secrets Operator vulnerable to privilege escalation High
CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go) Sep 9, 2024
younaman Credited to younaman
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8372 was published for angular (npm) Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions Low
CVE-2024-8373 was published for angular (npm) Sep 9, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor Credited to exolightor
Apache Airflow vulnerable to Execution with Unnecessary Privileges High
CVE-2024-45034 was published for apache-airflow (pip) Sep 7, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information Moderate
CVE-2022-46156 was published for github.com/grafana/synthetic-monitoring-agent (Go) Sep 6, 2024
iamwillbar Credited to iamwillbar
Exposure of debug and metrics endpoints in Pomerium Moderate
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024
gix-path improperly resolves configuration path reported by Git Moderate
CVE-2024-45405 was published for gix-path (Rust) Sep 6, 2024
EliahKagan Credited to EliahKagan
gnark's Groth16 commitment extension unsound for more than one commitment Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic Credited to maltezellic and ivokub ivokub ivokub
HTML injection in JupyterLite leading to DOM Clobbering Moderate
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals Credited to ishmeals and jackfromeast jackfromeast jackfromeast
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier Credited to qligier
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database