Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,777 advisories

Loading
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
BunkerWeb has Open Redirect Vulnerability in Loading Page Moderate
CVE-2024-53264 was published for github.com/bunkerity/bunkerweb (Go) Dec 2, 2024
adventure8812
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery Moderate
CVE-2024-53983 was published for @backstage/plugin-scaffolder-node (npm) Dec 2, 2024
`ruzstd` uninit and out-of-bounds memory reads Moderate
GHSA-x3f4-45xf-rjm7 was published for ruzstd (Rust) Dec 2, 2024
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s Critical
CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024
pickypg
Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024
gmcallister-r7
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024
ahacker1-securesaml
ibexa/post-install affected by Breach with Varnish VCL Moderate
GHSA-4h8f-c635-25p7 was published for ibexa/post-install (Composer) Dec 2, 2024
ibexa/http-cache affected by Breach with Varnish VCL Moderate
GHSA-fh7v-q458-7vmw was published for ibexa/http-cache (Composer) Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL Moderate
GHSA-mgfg-7533-7jf6 was published for ezsystems/ezplatform-http-cache (Composer) Dec 2, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern Moderate
CVE-2024-53864 was published for ibexa/admin-ui (Composer) Dec 2, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux Moderate
CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability Moderate
CVE-2024-52810 was published for @intlify/shared (npm) Dec 2, 2024
BobbieGoede
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database