Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,428 advisories

Loading
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd Credited to stsewd
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd Credited to oscerd
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) Moderate
CVE-2024-6783 was published for vue-template-compiler (npm) Jul 23, 2024
sdesalas Credited to sdesalas and knutwannheden knutwannheden knutwannheden
(ReDoS) Regular Expression Denial of Service in tf2-item-format High
CVE-2024-41655 was published for tf2-item-format (npm) Jul 23, 2024
piman51277 Credited to piman51277
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration High
CVE-2024-6717 was published for github.com/hashicorp/nomad (Go) Jul 23, 2024
dduzgun-security Credited to dduzgun-security
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka Credited to rockfordlhotka
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder Moderate
CVE-2024-41132 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
ErazerBrecht Credited to ErazerBrecht
SixLabors ImageSharp Out-of-bounds Write High
CVE-2024-41131 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
Erik-White Credited to Erik-White
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima Credited to phvalguima
openssl's `MemBio::get_buf` has undefined behavior with empty buffers Moderate
GHSA-q445-7m23-qrmw was published for openssl (Rust) Jul 22, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks High
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov Credited to levpachmanov and amita-seal amita-seal amita-seal
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek Credited to jake-ciolek, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
Ankitects Anki arbitrary script execution vulnerability High
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san Credited to bee-san
Anki Latex Incomplete Blocklist Vulnerability Moderate
CVE-2024-29073 was published for anki (pip) Jul 22, 2024
Jayy001 Credited to Jayy001
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001 Credited to Jayy001
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources High
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov Credited to levpachmanov and amita-seal amita-seal amita-seal
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum Credited to bellebaum, schanzen, milux, and levpachmanov schanzen schanzen
milux milux levpachmanov levpachmanov
Apache Syncope Improper Input Validation vulnerability High
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd Credited to oscerd
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures Moderate
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go) Jul 22, 2024 withdrawn
drakkan Credited to drakkan
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
H2O vulnerable to Deserialization of Untrusted Data High
CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) Jul 21, 2024
LoLLMS vulnerable to Expected Behavior Violation High
CVE-2024-6281 was published for lollms (pip) Jul 20, 2024
Calibre-Web Cross Site Scripting (XSS) Moderate
CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database