GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,774 advisories
Filter by severity
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Argo CD leaks repository credentials in user-facing error messages and in logs
Moderate
CVE-2023-25163
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 8, 2023
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate
CVE-2021-23347
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 21, 2021
Pulp incorrectly assigns RBAC permissions in tasks that create objects
Moderate
CVE-2024-7143
was published
for
pulpcore
(pip)
Aug 7, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
Podman vulnerable to memory-based denial of service
Moderate
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate
CVE-2024-41144
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate
CVE-2024-41162
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate
CVE-2024-39839
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Django vulnerable to denial-of-service attack
Moderate
CVE-2024-41991
was published
for
Django
(pip)
Aug 7, 2024
Django vulnerable to a denial-of-service attack
Moderate
CVE-2024-41990
was published
for
Django
(pip)
Aug 7, 2024
Django memory consumption vulnerability
Moderate
CVE-2024-41989
was published
for
Django
(pip)
Aug 7, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-34105
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-34111
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-34107
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ZITADEL has improper HTML sanitization in emails and Console UI
Moderate
CVE-2024-41953
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
ZITADEL "ignoring unknown usernames" vulnerability
Moderate
CVE-2024-41952
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
ProTip!
Advisories are also available from the
GraphQL API