GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,309 advisories
Filter by severity
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
High
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
Apache Airflow: Sensitive configuration values are not masked in the logs by default
High
CVE-2024-45784
was published
for
airflow
(pip)
Nov 15, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl
(Go)
Oct 1, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
High
CVE-2024-51496
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
High
CVE-2024-51497
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
High
CVE-2024-51495
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-51494
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
High
CVE-2024-50355
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
High
CVE-2024-50352
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
High
CVE-2024-50351
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
High
CVE-2024-49764
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
CVE-2024-50350
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
High
CVE-2024-49759
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
High
CVE-2024-49754
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
High
CVE-2024-52526
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Laravel environment manipulation via query string
High
CVE-2024-52301
was published
for
laravel/framework
(Composer)
Nov 12, 2024
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli/v2
(Go)
Nov 14, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability
High
GHSA-wmm6-pgp8-29hg
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
•
withdrawn
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Stored XSS vulnerability in Jenkins Authorize Project Plugin
High
CVE-2024-52552
was published
for
org.jenkins-ci.plugins:authorize-project
(Maven)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API