Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,204
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,947 advisories

Loading
Improper Validation of Array Index in github.com/greenpau/caddy-security Moderate
CVE-2024-21493 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
westonsteimel Credited to westonsteimel
tuf's Metadata API: Targets.get_delegated_role() is missing input validation Low
GHSA-77hh-43cm-v8j6 was published for tuf (pip) Feb 16, 2024
Hazelcast Platform permission checking in CSV File Source connector High
CVE-2023-45860 was published for com.hazelcast:hazelcast (Maven) Feb 16, 2024
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` High
GHSA-w4hv-vmv9-hgcr was published for @scrypted/core (npm) Feb 16, 2024
Kwstubbs Credited to Kwstubbs
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
dmandefy Credited to dmandefy
Undici proxy-authorization header not cleared on cross-origin redirect in fetch Low
CVE-2024-24758 was published for undici (npm) Feb 16, 2024
T1m0n0 Credited to T1m0n0 and mcollina mcollina mcollina
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina Credited to mcollina
React Native Document Picker Directory Traversal vulnerability High
CVE-2024-25466 was published for react-native-document-picker (npm) Feb 16, 2024
vonovak Credited to vonovak
YetiForceCRM Directory Traversal vulnerability Moderate
CVE-2023-49508 was published for yetiforce/yetiforce-crm (Composer) Feb 16, 2024
Helm dependency management path traversal Moderate
CVE-2024-25620 was published for helm.sh/helm/v3 (Go) Feb 15, 2024
dominykas Credited to dominykas
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git Credited to ranjit-git
Magento Open Source allows Cross-Site Request Forgery (CSRF) Moderate
CVE-2024-20718 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows OS Command Injection High
CVE-2024-20720 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Cross-Site Scripting (XSS) High
CVE-2024-20719 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption Moderate
CVE-2024-20716 was published for magento/community-edition (Composer) Feb 15, 2024
Scrapy vulnerable to ReDoS via XMLFeedSpider High
CVE-2024-1892 was published for scrapy (pip) Feb 15, 2024
nicecatch2000 Credited to nicecatch2000
Absolute path traversal vulnerability in digdag server Moderate
CVE-2024-25125 was published for io.digdag:digdag-server (Maven) Feb 14, 2024
p- Credited to p-
registry-support: decompress can delete files outside scope via relative paths Moderate
CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) Feb 14, 2024
cebarks Credited to cebarks
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel Credited to negrel
NuGet Client Security Feature Bypass Vulnerability Critical
CVE-2024-0057 was published for NuGet.CommandLine (NuGet) Feb 13, 2024
JarLob Credited to JarLob
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf Credited to bnf
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
bbossola Credited to bbossola, gillarramendi, and sunnypatell gillarramendi gillarramendi
sunnypatell sunnypatell
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database