Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

21,003 advisories

Loading
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka (Maven) Dec 18, 2024
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Spatie Browsershot Directory Traversal vulnerability High
CVE-2024-21547 was published for spatie/browsershot (Composer) Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo Moderate
CVE-2024-21548 was published for bun (npm) Dec 18, 2024
lirantal
Open Cluster Management vulnerable to Trust Boundary Violation High
CVE-2024-9779 was published for open-cluster-management.io/ocm (Go) Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page Moderate
CVE-2023-37940 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 18, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024
PGHoard Path Traversal vulnerability Moderate
CVE-2024-56142 was published for pghoard (pip) Dec 17, 2024
jserran1
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-12539 was published for org.elasticsearch:elasticsearch (Maven) Dec 17, 2024
Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting Moderate
CVE-2024-11993 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 17, 2024
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-50379 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 17, 2024
biehl1
Traefik affected by CVE-2024-53259 Moderate
GHSA-hxr6-2p24-hf98 was published for github.com/traefik/traefik/v2 (Go) Dec 17, 2024
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) Dec 16, 2024
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type Low
GHSA-27vq-hv74-7cqp was published for surrealdb (Rust) Dec 16, 2024
AlbertMarashi
MinIO vulnerable to privilege escalation in IAM import API High
CVE-2024-55949 was published for github.com/minio/minio (Go) Dec 16, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability Moderate
CVE-2024-54083 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
Mattermost Data Amplification vulnerability Moderate
CVE-2024-54682 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
Mattermost Race Condition vulnerability Moderate
CVE-2024-48872 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database