Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,428 advisories

Loading
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta Credited to mmaietta, thomas-chauchefoin-bentley-systems, and eb-bsi thomas-chauchefoin-bentley-systems thomas-chauchefoin-bentley-systems
eb-bsi eb-bsi
Spring Cloud Function Framework vulnerable to Denial of Service High
CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jul 9, 2024
panic on parsing crafted phonenumber inputs Critical
CVE-2024-39697 was published for phonenumber (Rust) Jul 9, 2024
rubdos Credited to rubdos
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes Credited to bcomnes and KhafraDev KhafraDev KhafraDev
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability Moderate
CVE-2024-3653 was published for io.undertow:undertow-core (Maven) Jul 9, 2024
jw123023 Credited to jw123023
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
fawind Credited to fawind
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Directus Allows Single Sign-On User Enumeration High
CVE-2024-39896 was published for directus (npm) Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS) High
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof Credited to asantof
zerovec-derive incorrectly uses `#[repr(packed)]` Moderate
GHSA-74r5-g7vc-j2v2 was published for zerovec-derive (Rust) Jul 8, 2024
hikiko4ern Credited to hikiko4ern
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn Credited to adelinn
zerovec incorrectly uses `#[repr(packed)]` Moderate
GHSA-xrv3-jmcp-374j was published for zerovec (Rust) Jul 8, 2024
Directus Blind SSRF On File Import Moderate
CVE-2024-39699 was published for @directus/api (npm) Jul 8, 2024
dmitrii-zalmanov Credited to dmitrii-zalmanov
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors Credited to davidxbors
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse Credited to LeSuisse and bashonly bashonly bashonly
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities High
CVE-2024-39677 was published for NHibernate (NuGet) Jul 8, 2024
hazzik Credited to hazzik and fredericDelaporte fredericDelaporte fredericDelaporte
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya Credited to mshibuya
Apache NiFi vulnerable to Cross-site Scripting Moderate
CVE-2024-37389 was published for org.apache.nifi:nifi-web-ui (Maven) Jul 8, 2024
abaykan Credited to abaykan
EGroupware mishandles an ORDER BY clause High
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose Credited to blitzdose
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability High
CVE-2024-33862 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Jul 6, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser Credited to RobertKeyser
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl Credited to MWedl
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131 Credited to ssshah2131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database