GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,633 advisories
Filter by severity
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate
CVE-2021-41092
was published
for
github.com/docker/cli
(Go)
Jun 10, 2024
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Moderate
GHSA-mhpq-9638-x6pw
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Dec 20, 2023
jose2go vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50658
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Feb 29, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
Grafana world readable configuration files
Moderate
CVE-2020-12459
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Gin mishandles a wildcard at the end of an origin string
Moderate
CVE-2019-25211
was published
for
github.com/gin-contrib/cors
(Go)
Jun 29, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34003
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created
Moderate
CVE-2024-34006
was published
for
moodle/moodle
(Composer)
May 31, 2024
flatten-json Prototype Pollution
Moderate
CVE-2024-36574
was published
for
@allanlancioni/flatten-json
(npm)
Jun 17, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
MS Basic Cross-site Scripting vulnerability
Moderate
CVE-2024-33748
was published
for
net.mingsoft:ms-basic
(Maven)
May 7, 2024
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Moderate
GHSA-xmmx-7jpf-fx42
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Moderate
CVE-2024-31223
was published
for
ethyca-fides
(pip)
Jul 5, 2024
ai-controller-frontend payment status in basket isn't reset
Moderate
CVE-2024-39325
was published
for
aimeos/ai-controller-frontend
(Composer)
Jul 5, 2024
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Moderate
GHSA-fqpg-rq76-99pq
was published
for
github.com/jackc/pgx/v5
(Go)
Jul 5, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate
CVE-2024-6284
was published
for
github.com/google/nftables
(Go)
Jul 4, 2024
ZITADEL Vulnerable to Session Information Leakage
Moderate
CVE-2024-39683
was published
for
github.com/zitadel/zitadel
(Go)
Jul 5, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
ProTip!
Advisories are also available from the
GraphQL API