GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,073 advisories
Filter by severity
Contao: Unencoded insert tags in the frontend
Low
CVE-2024-28191
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Concrete CMS Stored XSS on the calendar color settings screen
Low
CVE-2024-2753
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low
CVE-2024-3178
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
RosarioSIS cross site scripting vulnerability
Low
CVE-2024-3138
was published
for
francoisjacquet/rosariosis
(Composer)
Apr 2, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
phpMyFAQ Path Traversal in Attachments
Low
CVE-2024-29196
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
Umbraco possible user enumeration
Low
CVE-2024-28868
was published
for
UmbracoCMS
(NuGet)
Mar 20, 2024
Dynamic Variable Evaluation in qiskit-ibm-runtime
Low
GHSA-cq96-9974-v8hm
was published
for
qiskit-ibm-runtime
(pip)
Mar 20, 2024
[TagAwareCipher] - Decryption Failure (Regex Match)
Low
CVE-2024-28864
was published
for
ilicmiljan/secure-props
(Composer)
Mar 18, 2024
Regular expression denial-of-service in Django
Low
CVE-2024-27351
was published
for
django
(pip)
Mar 15, 2024
fgr Vulnerable to Insecure Default Variable Initialization
Low
GHSA-879p-8gw4-mcpw
was published
for
fgr
(pip)
Mar 15, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
LangChain directory traversal vulnerability
Low
CVE-2024-28088
was published
for
langchain
(pip)
Mar 4, 2024
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low
GHSA-68c2-4mpx-qh95
was published
for
@sentry/react-native
(npm)
Mar 1, 2024
ProTip!
Advisories are also available from the
GraphQL API