Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,152
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,854 advisories

Loading
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
node-stringbuilder vulnerable to Out-of-bounds Read High
CVE-2024-21524 was published for node-stringbuilder (npm) Jul 10, 2024
Django Path Traversal vulnerability High
CVE-2024-39330 was published for Django (pip) Jul 10, 2024
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-21525 was published for node-twain (npm) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
speaker vulnerable to Denial of Service High
CVE-2024-21526 was published for speaker (npm) Jul 10, 2024
images vulnerable to Denial of Service High
CVE-2024-21523 was published for images (npm) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
audify vulnerable to Improper Validation of Array Index High
CVE-2024-21522 was published for audify (npm) Jul 10, 2024
@discordjs/opus vulnerable to Denial of Service High
CVE-2024-21521 was published for @discordjs/opus (npm) Jul 10, 2024
vladfrangu
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability High
CVE-2024-38095 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability High
CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) Jul 9, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability High
CVE-2024-35264 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability High
CVE-2024-30105 was published for System.Text.Json (NuGet) Jul 9, 2024
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta thomas-chauchefoin-bentley-systems
eb-bsi
Spring Cloud Function Framework vulnerable to Denial of Service High
CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jul 9, 2024
panic on parsing crafted phonenumber inputs High
CVE-2024-39697 was published for phonenumber (Rust) Jul 9, 2024
rubdos
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
Directus Allows Single Sign-On User Enumeration High
CVE-2024-39896 was published for directus (npm) Jul 8, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability High
CVE-2024-33862 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Jul 6, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Gogs allows argument injection during the tagging of a new release High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API