GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8,708 advisories
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Moderate
CVE-2024-37032
was published
for
github.com/ollama/ollama
(Go)
May 31, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability
Moderate
CVE-2024-39918
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Moderate
CVE-2024-39912
was published
for
web-auth/webauthn-framework
(Composer)
Jul 15, 2024
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Moderate
GHSA-qc6v-5g5m-8cw2
was published
for
github.com/zitadel/zitadel-go/v3
(Go)
Jul 15, 2024
SQL Injection in the KubeClarity REST API
Moderate
CVE-2024-39909
was published
for
github.com/openclarity/kubeclarity/backend
(Go)
Jul 12, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
CVE-2024-39308
was published
for
rails_admin
(RubyGems)
Jul 8, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Moderate
CVE-2024-39905
was published
for
Red-DiscordBot
(pip)
Jul 11, 2024
Wagtail regular expression denial-of-service via search query parsing
Moderate
CVE-2024-39317
was published
for
wagtail
(pip)
Jul 11, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
ProTip!
Advisories are also available from the
GraphQL API