Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,553 advisories

Loading
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-2179 was published for concrete5/concrete5 (Composer) Mar 5, 2024
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping High
CVE-2024-27936 was published for deno (Rust) Mar 5, 2024
Ry0taK Credited to Ry0taK and westonsteimel westonsteimel westonsteimel
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination High
CVE-2024-27935 was published for deno (Rust) Mar 5, 2024
mmastrac Credited to mmastrac
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Credited to antonfirsov and Luzenna Luzenna Luzenna
HTTP Handling Vulnerability in the Bare server Critical
CVE-2024-27922 was published for @tomphttp/bare-server-node (npm) Mar 5, 2024
hackermondev Credited to hackermondev
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user High
CVE-2024-27916 was published for github.com/stacklok/minder (Go) Mar 5, 2024
dmjb Credited to dmjb
Insufficient permission checking in `Deno.makeTemp*` APIs Moderate
CVE-2024-27931 was published for deno (Rust) Mar 5, 2024
ericcornelissen Credited to ericcornelissen and mmastrac mmastrac mmastrac
eth-abi is vulnerable to recursive DoS Moderate
GHSA-3qwc-47jf-5rf7 was published for eth-abi (pip) Mar 5, 2024
paulmillr Credited to paulmillr
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd Credited to oscerd
Coder's OIDC authentication allows email with partially matching domain to register High
CVE-2024-27918 was published for github.com/coder/coder (Go) Mar 4, 2024
arcz Credited to arcz and maxammann maxammann maxammann
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun Credited to rofoun and radekvit radekvit radekvit
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
JSONata expression can pollute the "Object" prototype Critical
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
AlbertSPedersen Credited to AlbertSPedersen
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337 Credited to bruno-1337
Authorization Bypass Through User-Controlled Key in go-zero Critical
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go) Mar 4, 2024
cokeBeer Credited to cokeBeer
pgx SQL Injection via Line Comment Creation High
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
LangChain directory traversal vulnerability Low
CVE-2024-28088 was published for langchain (pip) Mar 4, 2024
levpachmanov Credited to levpachmanov
Withdrawn Advisory: Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024 withdrawn
oscerd Credited to oscerd
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
phpseclib does not properly limit the ASN1 OID length High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
phpseclib a large prime can cause a denial of service High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Directus version number disclosure Moderate
CVE-2024-27296 was published for directus (npm) Mar 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database