Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

7,247 advisories

Loading
MindsDB Eval Injection vulnerability High
CVE-2024-45847 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used High
CVE-2024-45596 was published for @directus/api (npm) Sep 10, 2024
joselcvarela
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
stianst
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip
uniabis stbenjam pseudoralph mschfh jusemon panva alenovik jaydeep-bypt
External Secrets Operator vulnerable to privilege escalation High
CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go) Sep 9, 2024
younaman
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges High
CVE-2024-45034 was published for apache-airflow (pip) Sep 7, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information High
CVE-2022-46156 was published for github.com/grafana/synthetic-monitoring-agent (Go) Sep 6, 2024
iamwillbar
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` High
CVE-2024-45294 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Sep 6, 2024
qligier
Interchain Security: The signers of ICS messages do not need to match the provider address High
GHSA-7q74-g774-7x3g was published for github.com/cosmos/interchain-security (Go) Sep 5, 2024
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
adamspofford-dfinity
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
Missing connection timeout in Aardvark-dns High
CVE-2024-8418 was published for aardvark-dns (Rust) Sep 4, 2024
olm-sys: wrapped library unmaintained, potentially vulnerable High
GHSA-p2q9-36vw-c468 was published for olm-sys (Rust) Sep 3, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
Denial of service in quinn-proto when using `Endpoint::retry()` High
CVE-2024-45311 was published for quinn-proto (Rust) Sep 3, 2024
finnbear BiagioFesta
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet High
GHSA-hq76-662x-7mw4 was published for pimcore/admin-ui-classic-bundle (Composer) Sep 3, 2024
ShawnRong-JJ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database