GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,946 advisories

HashiCorp Vault Improper Privilege Management (Moderate)
CVE-2020-10660 was published for github.com/hashicorp/vault (Go), Jan 30, 2024
Credited to andrewpollock

HashiCorp Vault Improper Privilege Management (Critical)
CVE-2020-10661 was published for github.com/hashicorp/vault (Go), Jan 30, 2024
Credited to andrewpollock

TrueLayer.Client SSRF when fetching payment or payment provider (High)
CVE-2024-23838 was published for TrueLayer.Client (NuGet), Jan 30, 2024
Credited to foldedbits

`goreleaser release --debug` shows secrets (Moderate)
CVE-2024-23840 was published for github.com/goreleaser/goreleaser (Go), Jan 30, 2024
Credited to andreaangiolillo and caarlos0

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability (High)
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm), Jan 30, 2024
Credited to phryneas, IkeMurami, and peakematt

@urql/next Cross-site Scripting vulnerability (High)
CVE-2024-24556 was published for @urql/next (npm), Jan 30, 2024

react-query-streamed-hydration Cross-site Scripting vulnerability (High)
CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm), Jan 30, 2024
Credited to phryneas

CrateDB database has an arbitrary file read vulnerability (Moderate)
CVE-2024-24565 was published for io.crate:crate (Maven), Jan 30, 2024
Credited to Tu0Laj1

vantage6 may create unencrypted tasks in encrypted collaboration (Low)
CVE-2024-22193 was published for vantage6 (pip), Jan 30, 2024

vantage6 vulnerable to username timing attack (Low)
CVE-2024-21671 was published for vantage6-server (pip), Jan 30, 2024

vantage6 has insecure SSH configuration for node and server containers (Moderate)
CVE-2024-21653 was published for vantage6 (pip), Jan 30, 2024

vantage6 remote code execution vulnerability (High)
CVE-2024-21649 was published for vantage6 (pip), Jan 30, 2024

Vyper's raw_call `value=` kwargs not disabled for static and delegate calls (Moderate)
CVE-2024-24567 was published for vyper (pip), Jan 30, 2024
Credited to cyberthirst, pcaversaccio, kuroi8, and 0xdeadbeef0x

Craft CMS Feed-Me (High)
CVE-2023-36260 was published for craftcms/cms (Composer), Jan 30, 2024

Craft CMS Audit Plugin Cross Site Scripting vulnerability (Moderate)
CVE-2023-36259 was published for superbig/craft-audit (Composer), Jan 30, 2024

network Arbitrary Command Injection vulnerability (High)
CVE-2024-21488 was published for network (npm), Jan 30, 2024

CrateDB authentication bypass vulnerability (High)
CVE-2023-51982 was published for io.crate:crate (Maven), Jan 30, 2024
Credited to Tu0Laj1 and proddata

Ylianst MeshCentral Missing SSL Certificate Validation (Critical)
CVE-2023-51837 was published for meshcentral (npm), Jan 30, 2024

aiohttp is vulnerable to directory traversal (High)
CVE-2024-23334 was published for aiohttp (pip), Jan 29, 2024
Credited to lcttty, solarpeng502, and Dreamsorcerer

Authentik vulnerable to PKCE downgrade attack (High)
CVE-2024-23647 was published for goauthentik.io (Go), Jan 29, 2024
Credited to pieterphilippaerts

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF (High)
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go), Jan 29, 2024
Credited to Elleuch-x1 and 0xJacky

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature (Critical)
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go), Jan 29, 2024
Credited to Elleuch-x1 and 0xJacky

aiohttp's HTTP parser (the Python one, not llhttp) still overly lenient about separators (Moderate)
CVE-2024-23829 was published for aiohttp (pip), Jan 29, 2024
Credited to pajod

MeshCentral algorithm-downgrade issue (High)
CVE-2023-51842 was published for meshcentral (npm), Jan 29, 2024

DeviceFarmer stf uses DES-ECB (Critical)
CVE-2023-51839 was published for @devicefarmer/stf (npm), Jan 29, 2024