Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,747
Maven
4,975
npm
3,507
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,625 advisories

Loading
Cross-site Scripting in djangorestframework Moderate
CVE-2024-21520 was published for djangorestframework (pip) Jun 26, 2024
Potential DoS via the Tudoor mechanism in eventlet and dnspython Moderate
CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw
Cross site scripting in Apache JSPWiki Moderate
CVE-2024-27136 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 24, 2024
Rancher's External RoleTemplates can lead to privilege escalation Moderate
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
vietj
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC Moderate
CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iepn
CrateDB has a Client initialized Session-Renegotiation DoS Moderate
CVE-2024-37309 was published for io.crate:crate (Maven) Jun 13, 2024
BaurzhanSakhariev
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
Cross site scripting in datatables.net Moderate
CVE-2021-23445 was published for datatables.net (npm) Sep 29, 2021
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection Moderate
CVE-2021-28363 was published for urllib3 (pip) Mar 19, 2021
jalopezsilva pquentin
ProTip! Advisories are also available from the GraphQL API