GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,095 advisories
Filter by severity
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
High
CVE-2024-47061
was published
for
@udecode/plate-core
(npm)
Sep 20, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's User Grant Deactivation not Working
High
CVE-2024-46999
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Djblets Cross-site scripting Vulnerability
Moderate
CVE-2014-3995
was published
for
Djblets
(pip)
May 17, 2022
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Wagtail regular expression denial-of-service via search query parsing
Moderate
CVE-2024-39317
was published
for
wagtail
(pip)
Jul 11, 2024
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
Keycloak SAML signature validation flaw
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
Keycloak Open Redirect vulnerability
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
Undertow Denial of Service vulnerability
High
CVE-2024-5971
was published
for
io.undertow:undertow-core
(Maven)
Jul 8, 2024
OpenShift Controller Manager Improper Privilege Management
Critical
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
Undertow vulnerable to Race Condition
High
CVE-2024-7885
was published
for
io.undertow:undertow-core
(Maven)
Aug 21, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Critical
CVE-2024-7387
was published
for
github.com/openshift/builder
(Go)
Sep 17, 2024
Reverb use after free vulnerability
Moderate
CVE-2024-8375
was published
for
dm-reverb
(pip)
Sep 19, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
High
CVE-2024-41815
was published
for
starship
(Rust)
Jul 26, 2024
ProTip!
Advisories are also available from the
GraphQL API