GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,261
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,729
NuGet
662
pip
3,407
Pub
12
RubyGems
890
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,838 advisories
Filter by severity
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webflux
(Maven)
Sep 13, 2024
unstructured XML External Entity (XXE)
Moderate
CVE-2024-46455
was published
for
unstructured
(pip)
Dec 9, 2024
Drupal Core Cross-Site Scripting (XSS)
Moderate
CVE-2024-12393
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
CVE-2024-12369
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2024-21542
was published
for
luigi
(pip)
Dec 10, 2024
Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
CosmWasm VM Incorrect metering
Moderate
GHSA-2q97-m5rc-p3gp
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Panic in wasmvm can slow down block production
Moderate
GHSA-vmqh-5232-v43r
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Simulation of Wasmd message can cause crashing
Low
GHSA-vmg2-r3xv-r3xf
was published
for
github.com/CosmWasm/wasmd
(Go)
Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
lxd CA certificate sign check bypass
Low
CVE-2024-6156
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
High
CVE-2024-54149
was published
for
winter/wn-cms-module
(Composer)
Dec 9, 2024
Trix editor subject to XSS vulnerabilities on copy & paste
Moderate
CVE-2024-53847
was published
for
trix
(npm)
Dec 9, 2024
NULL Pointer Dereference on moby image history
Moderate
CVE-2024-36620
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
ProTip!
Advisories are also available from the
GraphQL API