Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,358
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,995 advisories

Loading
baserCMS Cross-site Scripting vulnerability in Site search Feature Moderate
CVE-2023-44379 was published for baserproject/basercms (Composer) Feb 22, 2024
baserCMS OS command injection vulnerability in Installer Moderate
CVE-2023-51450 was published for baserproject/basercms (Composer) Feb 22, 2024
baserCMS Cross-site Scripting vulnerability in Content Management Moderate
CVE-2024-26128 was published for baserproject/basercms (Composer) Feb 22, 2024
Helm's Missing YAML Content Leads To Panic High
CVE-2024-26147 was published for helm.sh/helm/v3 (Go) Feb 22, 2024
jake-ciolek Credited to jake-ciolek
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby Credited to gaby, sixcolors, and ReneWerner87 sixcolors sixcolors
ReneWerner87 ReneWerner87
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis Credited to Blaklis, ErwanGuillon, and bsweeney ErwanGuillon ErwanGuillon
bsweeney bsweeney
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25876 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25875 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Enhavo Cross-site Scripting vulnerability Moderate
CVE-2024-25874 was published for enhavo/enhavo-app (Composer) Feb 22, 2024
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Apache Answer Race Condition vulnerability Moderate
CVE-2024-26578 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2024-22393 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Path Traversal in TYPO3 Core Moderate
GHSA-gj48-w74w-8gvm was published for typo3/cms (Composer) Feb 22, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability High
CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Duplicate Advisory: Unrestricted file upload of user avatar images Moderate
GHSA-fr72-9665-w3gr was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Duplicate Advisory: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate
GHSA-w879-mxj5-c3wf was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation Critical
CVE-2024-1597 was published for org.postgresql:postgresql (Maven) Feb 21, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override High
CVE-2024-26130 was published for cryptography (pip) Feb 21, 2024
Alexander-Programming Credited to Alexander-Programming and cd-work cd-work cd-work
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast Credited to SteakEnthusiast and mkhorton mkhorton mkhorton
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing Moderate
CVE-2024-25151 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database