GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,984 advisories
Filter by severity
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Moderate
CVE-2024-49756
was published
for
ash_postgres
(Erlang)
Oct 23, 2024
camaleon_cms affected by cross site scripting
Moderate
CVE-2024-48652
was published
for
camaleon_cms
(RubyGems)
Oct 23, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate
CVE-2024-48929
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Moderate
CVE-2024-48927
was published
for
Umbraco.Cms
(NuGet)
Oct 22, 2024
Umbraco CMS logout page displayed before session expiration
Moderate
CVE-2024-48926
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-45526
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
CVE-2024-48924
was published
for
MessagePack
(NuGet)
Oct 17, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Moderate
CVE-2024-24826
was published
for
exiv2
(pip)
Oct 17, 2024
Path traversal in redaxo
Moderate
CVE-2024-46212
was published
for
redaxo/source
(Composer)
Oct 16, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Moderate
CVE-2024-41128
was published
for
actionpack
(RubyGems)
Oct 15, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Hano allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate
CVE-2024-48913
was published
for
hono
(npm)
Oct 15, 2024
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
CVE-2024-9979
was published
for
pyo3
(Rust)
Oct 15, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
GHSA-f8x4-f32r-w556
was published
for
pyo3
(Rust)
Oct 15, 2024
•
withdrawn
Cross site scripting in markdown-to-jsx
Moderate
CVE-2024-21535
was published
for
markdown-to-jsx
(npm)
Oct 15, 2024
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Moderate
CVE-2024-8184
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 14, 2024
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
GHSA-xmmm-jw76-q7vg
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
GHSA-w8gr-xwp4-r9f7
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
ProTip!
Advisories are also available from the
GraphQL API