GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,633 advisories

Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service Moderate
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
jose2go vulnerable to denial of service via large p2c value Moderate
CVE-2023-50658 was published for github.com/dvsekhvalnov/jose2go (Go) Feb 29, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
CometBFT is unstability during blocksync when syncing from malicious peer Moderate
GHSA-hg58-rf2h-6rr7 was published for github.com/cometbft/cometbft (Go) Jun 28, 2024
unknownfeature
Grafana world readable configuration files Moderate
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Gin mishandles a wildcard at the end of an origin string Moderate
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
Moodle broken access control when setting calendar event type Moderate
CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34003 was published for moodle/moodle (Composer) May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created Moderate
CVE-2024-34006 was published for moodle/moodle (Composer) May 31, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
MS Basic Cross-site Scripting vulnerability Moderate
CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) May 7, 2024
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx Moderate
GHSA-fqpg-rq76-99pq was published for github.com/jackc/pgx/v5 (Go) Jul 5, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order Moderate
CVE-2024-6284 was published for github.com/google/nftables (Go) Jul 4, 2024
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer livio-a
fforootd Avolicious srividyaj
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response Moderate
CVE-2024-39315 was published for github.com/pomerium/pomerium (Go) Jul 5, 2024
Enr1g
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
ProTip! Advisories are also available from the GraphQL API