Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,780
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
794
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,712 advisories

Loading
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
GHSA-296q-rj83-g9rq was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap Moderate
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd (Go) Jul 24, 2024
ClownandBox crenshaw-dev
pasha-codefresh
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill Moderate
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) Moderate
CVE-2024-6783 was published for vue-template-compiler (npm) Jul 23, 2024
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder Moderate
CVE-2024-41132 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
ErazerBrecht
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command Moderate
CVE-2024-41129 was published for ops (pip) Jul 22, 2024
phvalguima
openssl's `MemBio::get_buf` has undefined behavior with empty buffers Moderate
GHSA-q445-7m23-qrmw was published for openssl (Rust) Jul 22, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks Moderate
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
Anki Latex Incomplete Blocklist Vulnerability Moderate
CVE-2024-29073 was published for anki (pip) Jul 22, 2024
Jayy001
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources Moderate
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
Apache Syncope Improper Input Validation vulnerability Moderate
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
SFTPGo's JWT implmentation lacks certain security measures Moderate
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go) Jul 22, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2024-6961 was published for guardrails-ai (pip) Jul 21, 2024
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Calibre-Web Cross Site Scripting (XSS) Moderate
CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024
Apache CXF Denial of Service vulnerability in JOSE Moderate
CVE-2024-32007 was published for org.apache.cxf:cxf-rt-rs-security-jose (Maven) Jul 19, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Moderate
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Kubernetes sets incorrect permissions on Windows containers logs Moderate
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API