Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,358
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,995 advisories

Loading
ASA-2024-005: Potential slashing evasion during re-delegation Low
GHSA-86h5-xcpx-cfqc was published for github.com/cosmos/cosmos-sdk (Go) Feb 27, 2024
Missing permission checks on Hazelcast client protocol High
CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
jorditpuig Credited to jorditpuig
Magento LTS vulnerable to stored XSS in admin file form Moderate
GHSA-gp6m-fq6h-cjcx was published for openmage/magento-lts (Composer) Feb 27, 2024
Judx Credited to Judx
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi Credited to yoshizawa-masatoshi, tyage, and postmodern tyage tyage
postmodern postmodern
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q Credited to ooooooo-q, yoshizawa-masatoshi, postmodern, and stdedos yoshizawa-masatoshi yoshizawa-masatoshi
postmodern postmodern stdedos stdedos
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov Credited to SValkanov, yoshizawa-masatoshi, and postmodern yoshizawa-masatoshi yoshizawa-masatoshi
postmodern postmodern
Transparent TLS may not be applied to Marbles with certain manifest configurations Critical
GHSA-x5r5-2qrx-rqj8 was published for github.com/edgelesssys/marblerun (Go) Feb 27, 2024
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd Credited to oscerd
Withdrawn Advisory: Subrion CMS vulnerable to SQL Injection Moderate
CVE-2024-25400 was published for intelliants/subrion (Composer) Feb 27, 2024 withdrawn
Subrion CMS vulnerable to Cross Site Scripting Moderate
CVE-2024-25399 was published for intelliants/subrion (Composer) Feb 27, 2024
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul Credited to hahwul
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd Credited to oscerd
diffoscope Path Traversal vulnerability Moderate
CVE-2024-25711 was published for diffoscope (pip) Feb 27, 2024
Bagisto Cross-Site Request Forgery vulnerability High
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
Minder trusts client-provided mapping from repo name to upstream ID Moderate
CVE-2024-27093 was published for github.com/stacklok/minder (Go) Feb 26, 2024
evankanderson Credited to evankanderson
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949 Credited to luffy1949
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher Credited to trocher
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec Credited to minaminao-osec
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
SAML authentication bypass due to missing validation on unsigned SAML messages Critical
GHSA-hx5q-v6pj-533r was published for com.linecorp.centraldogma:centraldogma-server-auth-saml (Maven) Feb 26, 2024
lishiki Credited to lishiki
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages Critical
CVE-2024-1735 was published for com.linecorp.armeria:armeria-saml (Maven) Feb 26, 2024
lishiki Credited to lishiki
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers Low
GHSA-p4m5-32pr-2hqr was published for pypop-genomics (pip) Feb 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database