GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,998 advisories

github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability High
CVE-2024-22424 was published for github.com/argoproj/argo-cd (Go) Jan 19, 2024
Credited to aphtrinh
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface High
GHSA-58j9-j2fj-v8f4 was published for surrealdb (Rust) Jan 19, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
Credited to davwwwx
JupyterLab vulnerable to SXSS in Markdown Preview Moderate
CVE-2024-22420 was published for jupyterlab (pip) Jan 19, 2024
concat built-in can corrupt memory in vyper High
CVE-2024-22419 was published for vyper (pip) Jan 19, 2024
Credited to cyberthirst and kuroi8
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft High
GHSA-qr8r-m495-7hc4 was published for github.com/cometbft/cometbft (Go) Jan 19, 2024
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
Credited to PinkDraconian and kaydoda
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Moderate
GHSA-8r5v-vm4m-4g25 was published for h2 (Rust) Jan 19, 2024
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
Credited to tomato42
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
Credited to westonsteimel
Unsecured endpoints in the jupyter-lsp server extension High
CVE-2024-22415 was published for jupyter-lsp (pip) Jan 18, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB High
GHSA-m24x-r6q3-2vp9 was published for surrealdb (Rust) Jan 18, 2024
Credited to Tu0Laj1
Uncaught Exception in surrealdb Moderate
GHSA-jm4v-58r5-66hj was published for surrealdb (Rust) Jan 18, 2024
Credited to Tu0Laj1 and jabis
Cross-Frame Scripting vulnerability has been found on Plone CMS High
CVE-2024-0669 was published for Plone (pip) Jan 18, 2024
Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
Credited to stevegeek and tamaloa
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber) High
GHSA-f6jh-hvg2-9525 was published for github.com/kudelskisecurity/crystals-go (Go) Jan 17, 2024
use-after-free in tracing Moderate
GHSA-8f24-6m29-wm2r was published for tracing (Rust) Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8 Low
GHSA-v363-rrf2-5fmj was published for ferris-says (Rust) Jan 17, 2024
Broken Access Control order API in Shopware Moderate
CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
Cross-site Scripting in Bagisto Moderate
CVE-2023-36236 was published for bagisto/bagisto (Composer) Jan 17, 2024
Stored Cross Site Scripting in beetl-bbs Moderate
CVE-2024-22491 was published for com.ibeetl:beetl (Maven) Jan 16, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API