GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,740 advisories
Filter by severity
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh/v2
(Go)
Nov 27, 2024
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications
Moderate
CVE-2024-11862
was published
for
Devolutions.XTS.NET
(NuGet)
Nov 27, 2024
Querydsl vulnerable to HQL injection trough orderBy
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 27, 2024
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Moderate
CVE-2024-54004
was published
for
aendter.jenkins.plugins:filesystem-list-parameter-plugin
(Maven)
Nov 27, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
TCPDF Local File Inclusion vulnerability
Moderate
CVE-2024-51058
was published
for
tecnickcom/tcpdf
(Composer)
Nov 26, 2024
@dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
Moderate
CVE-2024-53843
was published
for
@dapperduckling/keycloak-connector-server
(npm)
Nov 26, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
Low
CVE-2024-52008
was published
for
ethyca-fides
(pip)
Nov 26, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
aiocpa contains credential harvesting code
High
GHSA-486g-47cc-8wxf
was published
for
aiocpa
(pip)
Nov 25, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate
CVE-2024-52529
was published
for
github.com/cilium/cilium
(Go)
Nov 25, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting
Low
CVE-2024-32468
was published
for
deno_doc
(Rust)
Nov 25, 2024
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Moderate
CVE-2024-10492
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787
was published
for
libre-chat
(pip)
Nov 25, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept`
Moderate
GHSA-qg5g-gv98-5ffh
was published
for
rustls
(Rust)
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API