Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

9,035 advisories

Loading
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024 withdrawn
younaman hairyhum
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
CVE-2024-9666 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Moderate
CVE-2024-10492 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity Moderate
GHSA-j3x3-r585-4qhg was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024 withdrawn
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept` Moderate
GHSA-qg5g-gv98-5ffh was published for rustls (Rust) Nov 25, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Moderate
CVE-2024-5389 was published for lunary (npm) Jun 10, 2024 withdrawn
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
Podman affected by CVE-2024-1753 container escape at build time Moderate
CVE-2024-1753 was published for github.com/containers/podman/v4 (Go) Mar 28, 2024
rmcnamara-snyk
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
Man-in-the-Middle (MitM) Moderate
CVE-2014-5277 was published for github.com/docker/docker (Go) Feb 15, 2022
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database