GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,353
Composer 4,134
Erlang 30
GitHub Actions 19
Go 1,941
Maven 5,135
npm 3,681
NuGet 650
pip 3,299
Pub 11
RubyGems 878
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 231,523

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

8,984 advisories

Filter by severity

Sort by

Least recently updated

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate

CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024

camaleon_cms affected by cross site scripting Moderate

CVE-2024-48652 was published for camaleon_cms (RubyGems) Oct 23, 2024

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out Moderate

CVE-2024-48929 was published for Umbraco.CMS (NuGet) Oct 22, 2024

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice Moderate

CVE-2024-48927 was published for Umbraco.Cms (NuGet) Oct 22, 2024

Umbraco CMS logout page displayed before session expiration Moderate

CVE-2024-48926 was published for Umbraco.CMS (NuGet) Oct 22, 2024

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate

CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present Moderate

CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024

Security Update for the OPC UA .NET Standard Stack Moderate

CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024

Spring Framework DataBinder Case Sensitive Match Exception Moderate

CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024

MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow Moderate

CVE-2024-48924 was published for MessagePack (NuGet) Oct 17, 2024

Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate

CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024

Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate

CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024

Path traversal in redaxo Moderate

CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate

CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024

Infinite loop in github.com/gomarkdown/markdown Moderate

CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go) Oct 15, 2024

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate

CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024

Hano allows bypass of CSRF Middleware by a request without Content-Type header. Moderate

CVE-2024-48913 was published for hono (npm) Oct 15, 2024

PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate

CVE-2024-9979 was published for pyo3 (Rust) Oct 15, 2024

Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate

GHSA-f8x4-f32r-w556 was published for pyo3 (Rust) Oct 15, 2024 • withdrawn

Cross site scripting in markdown-to-jsx Moderate

CVE-2024-21535 was published for markdown-to-jsx (npm) Oct 15, 2024

OpenCanary Executes Commands From Potentially Writable Config File Moderate

CVE-2024-48911 was published for OpenCanary (pip) Oct 14, 2024

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate

CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024

One Time Passcode (OTP) is valid longer than expiration timeSeverity Moderate

GHSA-xmmm-jw76-q7vg was published for org.keycloak:keycloak-core (Maven) Oct 14, 2024

Vulnerable Redirect URI Validation Results in Open Redirect Moderate

GHSA-w8gr-xwp4-r9f7 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024

DOM Clobbering Gadget found in astro's client-side router that leads to XSS Moderate

CVE-2024-47885 was published for astro (npm) Oct 14, 2024

Previous 1 2 3 4 5 … 359 360 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

8,984 advisories