Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,428 advisories

Loading
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Openshift Console insufficient entropy vulnerability Moderate
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024 withdrawn
younaman Credited to younaman and hairyhum hairyhum hairyhum
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd Credited to 1337Nerd
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for ekuiper (Go) Aug 20, 2024
leonnewton Credited to leonnewton
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0 Credited to calligraf0
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor Moderate
CVE-2024-42369 was published for matrix-js-sdk (npm) Aug 20, 2024
morguldir Credited to morguldir
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo Credited to sparkEchooo
Umbraco CMS Improper Access Control vulnerability Moderate
CVE-2024-43377 was published for Umbraco.Cms (NuGet) Aug 20, 2024
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-43376 was published for Umbraco.Cms.Api.Management (NuGet) Aug 20, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer Credited to floerer
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes Credited to bulutenes
fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 Credited to personnumber3377 and bensheldon bensheldon bensheldon
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm Credited to abankalarm
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts Moderate
GHSA-xmrp-424f-vfpx was published for sqlx (Rust) Aug 19, 2024
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra Credited to apoelstra
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access High
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Credited to adrianosela, Alex-ley-scrub, and icarocd Alex-ley-scrub Alex-ley-scrub
icarocd icarocd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database