Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

9,125 advisories

Loading
CosmWasm VM Incorrect metering Moderate
GHSA-2q97-m5rc-p3gp was published for cosmwasm-vm (Go) Dec 10, 2024
Panic in wasmvm can slow down block production Moderate
GHSA-vmqh-5232-v43r was published for cosmwasm-vm (Go) Dec 10, 2024
Withdrawn Advisory: Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024 withdrawn
calvera CSIRTTrizna
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Drupal Core Cross-Site Scripting (XSS) Moderate
CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski katzj
CrzyHAX91
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section Moderate
CVE-2024-53457 was published for librenms/librenms (Composer) Dec 6, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Build corruption when using `PYO3_CONFIG_FILE` environment variable Moderate
GHSA-vxcf-c7mx-pg53 was published for pyo3 (Rust) Dec 5, 2024
Drupal core vulnerable to improper error handling Moderate
CVE-2024-11942 was published for drupal/core (Composer) Dec 5, 2024
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread Moderate
GHSA-fwfx-rrv8-crpf was published for rustyscript (Rust) Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread Moderate
GHSA-4mw5-2636-4535 was published for js-sandbox (Rust) Dec 4, 2024
Unsoundness in anstream Moderate
GHSA-2rxc-gjrp-vjhx was published for anstream (Rust) Dec 4, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability Moderate
CVE-2024-54132 was published for github.com/cli/cli (Go) Dec 4, 2024
andyfeller jtmcg
williammartin BagToad parablack
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality Moderate
CVE-2024-53999 was published for mobsf (pip) Dec 3, 2024
lDomenx
Synapse Matrix has a partial room state leak via Sliding Sync Moderate
CVE-2024-53867 was published for matrix-synapse (pip) Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database