Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,362
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,559
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,013 advisories

Loading
vantage6 may create unencrypted tasks in encrypted collaboration Low
CVE-2024-22193 was published for vantage6 (pip) Jan 30, 2024
vantage6 vulnerable to username timing attack Low
CVE-2024-21671 was published for vantage6-server (pip) Jan 30, 2024
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
vantage6 remote code execution vulnerability High
CVE-2024-21649 was published for vantage6 (pip) Jan 30, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst Credited to cyberthirst, pcaversaccio, kuroi8, and 0xdeadbeef0x pcaversaccio pcaversaccio
kuroi8 kuroi8 0xdeadbeef0x 0xdeadbeef0x
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Craft CMS Audit Plugin Cross Site Scripting vulnerability Moderate
CVE-2023-36259 was published for superbig/craft-audit (Composer) Jan 30, 2024
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1 Credited to Tu0Laj1 and proddata proddata proddata
Ylianst MeshCentral Missing SSL Certificate Validation Critical
CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024
aiohttp is vulnerable to directory traversal High
CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024
lcttty Credited to lcttty, solarpeng502, and Dreamsorcerer solarpeng502 solarpeng502
Dreamsorcerer Dreamsorcerer
Authentik vulnerable to PKCE downgrade attack High
CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024
pieterphilippaerts Credited to pieterphilippaerts
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 Credited to Elleuch-x1 and 0xJacky 0xJacky 0xJacky
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 Credited to Elleuch-x1 and 0xJacky 0xJacky 0xJacky
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Moderate
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod Credited to pajod
MeshCentral algorithm-downgrade issue High
CVE-2023-51842 was published for meshcentral (npm) Jan 29, 2024
DeviceFarmer stf uses DES-ECB Critical
CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
ai-flow Deserialization of Untrusted Data vulnerability Moderate
CVE-2024-0960 was published for ai-flow (pip) Jan 27, 2024
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
Deserialization of untrusted data in synthcity Critical
CVE-2024-0937 was published for synthcity (pip) Jan 26, 2024
m3t3kh4n Credited to m3t3kh4n
Null pointer dereference in PKCS12 parsing Moderate
CVE-2024-0727 was published for cryptography (pip) Jan 26, 2024
m3t3kh4n Credited to m3t3kh4n
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid Credited to tuminoid
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
Arbitrary Code Execution in Processwire High
CVE-2023-24676 was published for processwire/processwire (Composer) Jan 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database