Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,441 advisories

Loading
CometVisu Backend for openHAB has a path traversal vulnerability Moderate
CVE-2024-42468 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- Credited to p- and peuter peuter peuter
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- Credited to p-
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- Credited to p-
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- Credited to p- and peuter peuter peuter
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep Credited to steverep and bdraco bdraco bdraco
Concrete CMS Stored XSS in getAttributeSetName Moderate
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi Credited to sushiwushi
Gas mispricing in cosmwasm-vm Moderate
GHSA-rg2q-2jh9-447q was published for cosmwasm-vm (Go) Aug 8, 2024
unknownfeature Credited to unknownfeature
Shopware vulnerable to blind SQL-injection in DAL aggregations Moderate
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery Credited to Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery Credited to Creastery
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate
CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024
JoshuaBehrens Credited to JoshuaBehrens
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope High
CVE-2024-41942 was published for jupyterhub (pip) Aug 8, 2024
oliver-sanders Credited to oliver-sanders
Open WebUI Stored Cross-Site Scripting Vulnerability Moderate
CVE-2024-6706 was published for open-webui (pip) Aug 8, 2024
Pulp incorrectly assigns RBAC permissions in tasks that create objects High
CVE-2024-7143 was published for pulpcore (pip) Aug 7, 2024
Django SQL injection vulnerability Critical
CVE-2024-42005 was published for Django (pip) Aug 7, 2024
Jenkins Remoting library arbitrary file read vulnerability High
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
Django vulnerable to a denial-of-service attack Moderate
CVE-2024-41990 was published for Django (pip) Aug 7, 2024
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
Gorush uses deprecated TLS versions Moderate
CVE-2024-41270 was published for github.com/appleboy/gorush (Go) Aug 6, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-41677 was published for @builder.io/qwik (npm) Aug 6, 2024
arkark Credited to arkark
Microweber Reflected Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-40101 was published for microweber/microweber (Composer) Aug 6, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver Moderate
CVE-2024-42347 was published for matrix-react-sdk (npm) Aug 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database