GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,204
Swift
51
Unreviewed advisories
All unreviewed
5,000+
27,947 advisories
Filter by severity
Improper Validation of Array Index in github.com/greenpau/caddy-security
Moderate
CVE-2024-21493
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate
CVE-2024-21494
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
CVE-2024-21492
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Low
CVE-2024-20925
was published
for
org.openjfx:javafx-media
(Maven)
Feb 17, 2024
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Low
GHSA-77hh-43cm-v8j6
was published
for
tuf
(pip)
Feb 16, 2024
Hazelcast Platform permission checking in CSV File Source connector
High
CVE-2023-45860
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 16, 2024
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
High
GHSA-w4hv-vmv9-hgcr
was published
for
@scrypted/core
(npm)
Feb 16, 2024
Scrapy decompression bomb vulnerability
High
CVE-2024-3572
was published
for
scrapy
(pip)
Feb 16, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
React Native Document Picker Directory Traversal vulnerability
High
CVE-2024-25466
was published
for
react-native-document-picker
(npm)
Feb 16, 2024
YetiForceCRM Directory Traversal vulnerability
Moderate
CVE-2023-49508
was published
for
yetiforce/yetiforce-crm
(Composer)
Feb 16, 2024
Helm dependency management path traversal
Moderate
CVE-2024-25620
was published
for
helm.sh/helm/v3
(Go)
Feb 15, 2024
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574
was published
for
scrapy
(pip)
Feb 15, 2024
Magento Open Source allows Cross-Site Request Forgery (CSRF)
Moderate
CVE-2024-20718
was published
for
magento/community-edition
(Composer)
Feb 15, 2024
Magento Open Source allows OS Command Injection
High
CVE-2024-20720
was published
for
magento/community-edition
(Composer)
Feb 15, 2024
Magento Open Source allows Cross-Site Scripting (XSS)
High
CVE-2024-20719
was published
for
magento/community-edition
(Composer)
Feb 15, 2024
Magento Open Source allows Uncontrolled Resource Consumption
Moderate
CVE-2024-20716
was published
for
magento/community-edition
(Composer)
Feb 15, 2024
Scrapy vulnerable to ReDoS via XMLFeedSpider
High
CVE-2024-1892
was published
for
scrapy
(pip)
Feb 15, 2024
Absolute path traversal vulnerability in digdag server
Moderate
CVE-2024-25125
was published
for
io.digdag:digdag-server
(Maven)
Feb 14, 2024
registry-support: decompress can delete files outside scope via relative paths
Moderate
CVE-2024-1485
was published
for
github.com/devfile/registry-support/registry-library
(Go)
Feb 14, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
NuGet Client Security Feature Bypass Vulnerability
Critical
CVE-2024-0057
was published
for
NuGet.CommandLine
(NuGet)
Feb 13, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
High
CVE-2024-21386
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API