GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,125 advisories
Filter by severity
Etcd pkg Insecure ciphers are allowed by default
Low
GHSA-5x4g-q5rc-36jp
was published
for
go.etcd.io/etcd/client/pkg/v3
(Go)
Feb 3, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low
CVE-2024-34079
was published
for
github.com/octo-sts/app
(Go)
May 13, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Low
CVE-2024-38537
was published
for
ethyca-fides
(pip)
Jul 2, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Low
CVE-2024-39324
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Improper Privilege Management in djangorestframework-simplejwt
Low
CVE-2024-22513
was published
for
djangorestframework-simplejwt
(pip)
Mar 16, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Low
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Low
CVE-2021-41089
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low
CVE-2024-3177
was published
for
k8s.io/kubernetes
(Go)
Apr 23, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Low
CVE-2024-38364
was published
for
org.dspace:dspace-server-webapp
(Maven)
Jun 25, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header
Low
CVE-2024-25637
was published
for
october/system
(Composer)
Jun 26, 2024
Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-9344-p847-qm5c
was published
for
sequoia-openpgp
(Rust)
Jun 26, 2024
October System module has an Open Redirect for Administrator Accounts
Low
CVE-2024-24764
was published
for
october/system
(Composer)
Jun 26, 2024
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
Vyper's external calls can overflow return data to return input buffer
Low
CVE-2024-24560
was published
for
vyper
(pip)
Feb 2, 2024
Vyper's `_abi_decode` vulnerable to Memory Overflow
Low
CVE-2024-26149
was published
for
vyper
(pip)
Feb 26, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content
Low
CVE-2024-25142
was published
for
apache-airflow
(pip)
Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Low
CVE-2024-36287
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
SQL Injection in Harbor scan log API
Low
CVE-2024-22261
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
ProTip!
Advisories are also available from the
GraphQL API