Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

9,025 advisories

Loading
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh/v2 (Go) Nov 27, 2024
BagToad williammartin
andyfeller Ry0taK
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications Moderate
CVE-2024-11862 was published for Devolutions.XTS.NET (NuGet) Nov 27, 2024
zer0x64 pdugre
PingCAP TiDB nil pointer dereference Moderate
CVE-2024-37820 was published for github.com/pingcap/tidb (Go) Jun 25, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability Moderate
CVE-2024-54004 was published for aendter.jenkins.plugins:filesystem-list-parameter-plugin (Maven) Nov 27, 2024
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
Podman affected by CVE-2024-1753 container escape at build time Moderate
CVE-2024-1753 was published for github.com/containers/podman/v4 (Go) Mar 28, 2024
rmcnamara-snyk
Link Following in github.com/containers/common Moderate
CVE-2024-9341 was published for github.com/containers/common (Go) Oct 1, 2024
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
blaiddx64
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year Moderate
GHSA-r68h-jhhj-9jvm was published for org.owasp.esapi:esapi (Maven) Nov 27, 2023
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
Path traveral in Streamlit on windows Moderate
CVE-2024-42474 was published for streamlit (pip) Aug 12, 2024
nvn1729
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token Moderate
CVE-2013-4294 was published for keystone (pip) May 17, 2022
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Moderate
CVE-2014-1948 was published for glance (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database