GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,805 advisories
Filter by severity
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
Drupal core Denial of Service
High
CVE-2024-11941
was published
for
drupal/core
(Composer)
Dec 5, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
Build corruption when using `PYO3_CONFIG_FILE` environment variable
Moderate
GHSA-vxcf-c7mx-pg53
was published
for
pyo3
(Rust)
Dec 5, 2024
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
Unsound usages of `std::slice::from_raw_parts`
Low
GHSA-gw5w-5j7f-jmjj
was published
for
pprof
(Rust)
Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Low
CVE-2018-1000186
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
MySQL Connectors takeover vulnerability
High
CVE-2023-22102
was published
for
com.mysql:mysql-connector-j
(Maven)
Oct 18, 2023
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
Moderate
CVE-2024-34500
was published
for
samwilson/unlinked-wikibase
(Composer)
May 5, 2024
NULL Pointer Dereference on moby image history
Moderate
CVE-2024-36620
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Moderate
CVE-2023-36238
was published
for
bagisto/bagisto
(Composer)
Mar 13, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/xml-common
(Composer)
Dec 2, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Moodle uses the same key for QR login and auto-login
Moderate
CVE-2024-38277
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
High
CVE-2024-47879
was published
for
org.openrefine:main
(Maven)
Oct 24, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
Moby Race Condition vulnerability
High
CVE-2024-36623
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Moby Race Condition vulnerability
High
CVE-2024-36621
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
ProTip!
Advisories are also available from the
GraphQL API