
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

27,905 advisories

HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
eza Potential Heap Overflow Vulnerability for AArch64 High
CVE-2024-25817 was published for eza (Rust) Feb 8, 2024
Credited to CuB3y0nd, FuzzyLitchi, cafkafk, and inspector-ambitious
Rancher API Server Cross-site Scripting Vulnerability High
CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024
Credited to diego95root and kujalamathias
Norman API Cross-site Scripting Vulnerability High
CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024
Credited to diego95root and kujalamathias
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' High
CVE-2023-32194 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Credited to AnonySE26
Kinto Attachment's attachments can be replaced on read-only records High
CVE-2024-1314 was published for kinto-attachment (pip) Feb 8, 2024
Credited to Standard8, fkiriakos07, and leplatrem
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
Credited to G-Rath, levpachmanov, dotboris, and iFreilicht
Credited to ppv-milestone and robmen
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
Credited to chaen, aldbr, and chrisburr
XXL-JOB vulnerable to Server-Side Request Forgery High
CVE-2024-24113 was published for com.xuxueli:xxl-job (Maven) Feb 8, 2024
Credited to achibear
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
Credited to edonsec
Liferay Portal denial-of-service vulnerability Moderate
CVE-2024-25144 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Liferay Portal vulnerable to user impersonation High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File High
CVE-2024-23448 was published for github.com/elastic/apm-server (Go) Feb 8, 2024
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags Moderate
CVE-2024-24822 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2024
Credited to v32y142y
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
Credited to fabsx00
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
Credited to fabsx00
CKEditor cross-site scripting vulnerability in AJAX sample Moderate
CVE-2023-4771 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability in samples with the preview feature enabled Moderate
CVE-2024-24816 was published for ckeditor4 (npm) Feb 7, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection Moderate
CVE-2024-24815 was published for ckeditor/ckeditor (Composer) Feb 7, 2024
Credited to Rudloff