GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,725
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,808 advisories
Filter by severity
Ansible galaxy-importer Path Traversal vulnerability
Moderate
CVE-2023-5189
was published
for
galaxy-importer
(pip)
Nov 15, 2023
Ansible symlink attack vulnerability
Moderate
CVE-2023-5115
was published
for
ansible
(pip)
Dec 28, 2023
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
OpenStack improperly deletes access rules
Moderate
CVE-2023-6110
was published
for
python-openstackclient
(pip)
Nov 17, 2024
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
Drupal core Denial of Service
High
CVE-2024-11941
was published
for
drupal/core
(Composer)
Dec 5, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
Build corruption when using `PYO3_CONFIG_FILE` environment variable
Moderate
GHSA-vxcf-c7mx-pg53
was published
for
pyo3
(Rust)
Dec 5, 2024
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
Unsound usages of `std::slice::from_raw_parts`
Low
GHSA-gw5w-5j7f-jmjj
was published
for
pprof
(Rust)
Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Low
CVE-2018-1000186
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
MySQL Connectors takeover vulnerability
High
CVE-2023-22102
was published
for
com.mysql:mysql-connector-j
(Maven)
Oct 18, 2023
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
Moderate
CVE-2024-34500
was published
for
samwilson/unlinked-wikibase
(Composer)
May 5, 2024
ProTip!
Advisories are also available from the
GraphQL API