Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,436
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,694
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,615 advisories

Loading
Cross site scripting in moodle Moderate
CVE-2024-29374 was published for moodle/moodle (Composer) Mar 21, 2024
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik Credited to palirichtarik
ESPHome vulnerable to Authentication bypass via Cross site request forgery High
CVE-2024-29019 was published for esphome (pip) Mar 21, 2024
r3kumar Credited to r3kumar
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() Moderate
CVE-2024-29131 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd Credited to oscerd
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree Moderate
CVE-2024-29133 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd Credited to oscerd
Cross-site scripting in Survey Creator Moderate
CVE-2024-28635 was published for survey-creator (npm) Mar 21, 2024
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-9j39-4686-m3c4 was published for ibexa/core (Composer) Mar 20, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-mwvh-p3hx-x4gg was published for ezsystems/ezplatform-kernel (Composer) Mar 20, 2024
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal Credited to qmuntal, r3kumar, and andrewpollock r3kumar r3kumar
andrewpollock andrewpollock
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace High
CVE-2024-29033 was published for oauthenticator (pip) Mar 20, 2024
manics Credited to manics, consideRatio, and betatim consideRatio consideRatio
betatim betatim
Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
robmry Credited to robmry, akerouanton, neersighted, gabriellavengeo, and cibofo akerouanton akerouanton
neersighted neersighted gabriellavengeo gabriellavengeo cibofo cibofo
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21 Credited to poan21
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code Moderate
CVE-2024-29032 was published for qiskit-ibm-runtime (pip) Mar 20, 2024
richrines1 Credited to richrines1
Dynamic Variable Evaluation in qiskit-ibm-runtime Low
GHSA-cq96-9974-v8hm was published for qiskit-ibm-runtime (pip) Mar 20, 2024
ihincks Credited to ihincks
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda Credited to yuvipanda, consideRatio, manics, minrk, krassowski, dlqqq, and eddelbuettel consideRatio consideRatio
manics manics minrk minrk krassowski krassowski dlqqq dlqqq eddelbuettel eddelbuettel
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API Moderate
CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
sikeoka Credited to sikeoka
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API Moderate
CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven) Mar 20, 2024
thomsmith Credited to thomsmith and VertigoM VertigoM VertigoM
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database