
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

28,407 advisories

ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass (High)
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024. Credited to amit-laish, fforootd, livio-a, and adlerhurst.

ZITADEL's actions can overload reserved claims (High)
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024. Credited to schettn, fforootd, adlerhurst, and livio-a.

domain-suffix RegEx Denial of Service (High)
CVE-2024-25354 was published for domain-suffix (npm) on Mar 28, 2024. Credited to dsimk.

SQL Injection vulnerability in Reportico Till (High)
CVE-2023-47438 was published for reportico-web/reportico (Composer) on Mar 28, 2024.

web3-utils Prototype Pollution vulnerability (High)
CVE-2024-21505 was published for web3-utils (npm) on Mar 27, 2024.

Elasticsearch Incorrect Authorization vulnerability (Moderate)
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) on Mar 27, 2024.

Elasticsearch Uncontrolled Resource Consumption vulnerability (Moderate)
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) on Mar 27, 2024.

Gradio's CI vulnerable to Command Injection (High) [withdrawn]
CVE-2024-1540 was published for gradio (pip) on Mar 27, 2024.

Eclipse Vert.x memory leak (Moderate)
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) on Mar 27, 2024. Credited to marcelstoer.

Lektor does not sanitize database path traversal (Critical)
CVE-2024-28335 was published for Lektor (pip) on Mar 27, 2024.

gradio Server-Side Request Forgery vulnerability (High)
CVE-2024-2206 was published for gradio (pip) on Mar 27, 2024.

Ignite Realtime Openfire privilege escalation vulnerability (High)
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) on Mar 26, 2024.

Ignite Realtime Openfire privilege escalation vulnerability (High)
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) on Mar 26, 2024.

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes (Moderate)
CVE-2024-29203 was published for TinyMCE (Composer) on Mar 26, 2024.

Pimcore Preview Documents are not restricted to logged in users anymore (Moderate)
CVE-2024-29197 was published for pimcore/pimcore (Composer) on Mar 26, 2024. Credited to rliebi and patryser.

Duplicate Advisory: Grafana vulnerable to authorization bypass (Moderate) [withdrawn]
GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go) on Mar 26, 2024.

Apache Airflow Improper Preservation of Permissions vulnerability (Moderate)
CVE-2024-29735 was published for apache-airflow (pip) on Mar 26, 2024.

LangChain's XMLOutputParser vulnerable to XML Entity Expansion (Moderate)
CVE-2024-1455 was published for langchain-core (pip) on Mar 26, 2024. Credited to eyurtsev.

dcat-admin Cross Site Scripting vulnerability (Moderate)
CVE-2024-29644 was published for dcat/laravel-admin (Composer) on Mar 26, 2024.

Unauthenticated views may expose information to anonymous users (Low)
CVE-2024-29199 was published for nautobot (pip) on Mar 26, 2024. Credited to joewesch.

phpMyFAQ stored Cross-site Scripting at user email (Moderate)
CVE-2024-27300 was published for phpmyfaq/phpmyfaq (Composer) on Mar 25, 2024. Credited to kevinnivekkevin.

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE (High)
CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) on Mar 25, 2024. Credited to kevinnivekkevin.

phpMyFAQ Stored Cross-site Scripting at FAQ News Content (Moderate)
CVE-2024-28106 was published for phpmyfaq/phpmyfaq (Composer) on Mar 25, 2024. Credited to kevinnivekkevin.

phpMyFAQ SQL injections at insertentry & saveentry (High)
CVE-2024-28107 was published for phpmyfaq/phpmyfaq (Composer) on Mar 25, 2024. Credited to kevinnivekkevin.