GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19,979 advisories
Filter by severity
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Untrusted Query Object Evaluation in RPC API
High
GHSA-64f8-pjgr-9wmr
was published
for
surrealdb
(Rust)
Sep 11, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
Eclipse Glassfish URL redirection vulnerability
Moderate
CVE-2024-8646
was published
for
org.glassfish.main.web:web-core
(Maven)
Sep 11, 2024
dset Prototype Pollution vulnerability
High
CVE-2024-21529
was published
for
dset
(npm)
Sep 11, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used
High
CVE-2024-45596
was published
for
@directus/api
(npm)
Sep 10, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
send vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Moderate
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
Keycloak Denial of Service vulnerability
Moderate
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
body-parser vulnerable to denial of service when url encoding is enabled
High
CVE-2024-45590
was published
for
body-parser
(npm)
Sep 10, 2024
node-gettext vulnerable to Prototype Pollution
Moderate
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
ThinkPHP deserialization vulnerability
Critical
CVE-2024-44902
was published
for
topthink/framework
(Composer)
Sep 9, 2024
Keycloak Open Redirect vulnerability
Moderate
CVE-2024-7260
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Uses a Key Past its Expiration Date
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
Twig has a possible sandbox bypass
High
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate
CVE-2024-45406
was published
for
craftcms/cms
(Composer)
Sep 9, 2024
ProTip!
Advisories are also available from the
GraphQL API