GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,255
Erlang
31
GitHub Actions
21
Go
2,021
Maven
5,000+
npm
3,728
NuGet
662
pip
3,406
Pub
12
RubyGems
890
Rust
862
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,826 advisories
Filter by severity
lxd CA certificate sign check bypass
Low
CVE-2024-6156
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
unstructured XML External Entity (XXE)
Moderate
CVE-2024-46455
was published
for
unstructured
(pip)
Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
High
CVE-2024-54149
was published
for
winter/wn-cms-module
(Composer)
Dec 9, 2024
Trix editor subject to XSS vulnerabilities on copy & paste
Moderate
CVE-2024-53847
was published
for
trix
(npm)
Dec 9, 2024
NULL Pointer Dereference on moby image history
Moderate
CVE-2024-36620
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases
Moderate
CVE-2024-53948
was published
for
apache-superset
(pip)
Dec 9, 2024
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
league/commonmark's quadratic complexity bugs may lead to a denial of service
High
GHSA-c2pc-g5qf-rfrf
was published
for
league/commonmark
(Composer)
Dec 9, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Moderate
CVE-2024-12224
was published
for
idna
(Rust)
Dec 9, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Orchid Platform has Method Exposure Vulnerability in Modals
Moderate
CVE-2024-51992
was published
for
orchid/platform
(Composer)
Nov 12, 2024
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
Doorkeeper Improper Authentication vulnerability
Moderate
CVE-2023-34246
was published
for
doorkeeper
(RubyGems)
Jun 12, 2023
laravel-s vulnerable to Local File Inclusion
Critical
CVE-2023-29931
was published
for
hhxsv5/laravel-s
(Composer)
Jun 22, 2023
Improper permissions handling in MediaWiki AbuseFilter
Moderate
CVE-2024-47913
was published
for
mediawiki/abuse-filter
(Composer)
Oct 5, 2024
Cross-Site Request Forgery in Apache Wicket
Moderate
CVE-2024-27439
was published
for
org.apache.wicket:wicket
(Maven)
Mar 19, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle
High
CVE-2024-53908
was published
for
Django
(pip)
Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
ProTip!
Advisories are also available from the
GraphQL API