GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,025 advisories
Filter by severity
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
HTTP Client uses incorrect token after refresh
Moderate
CVE-2024-51987
was published
for
Duende.AccessTokenManagement.OpenIdConnect
(NuGet)
Nov 7, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle has arbitrary file read risk through pdfTeX
Moderate
CVE-2024-43426
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Undertow Denial of Service vulnerability
Moderate
CVE-2023-1973
was published
for
io.undertow:undertow-core
(Maven)
Nov 7, 2024
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
UnoPim Cross-site Scripting vulnerability
Moderate
CVE-2024-50637
was published
for
unopim/unopim
(Composer)
Nov 6, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
Symfony allows changing the environment through a query
Moderate
CVE-2024-50340
was published
for
symfony/runtime
(Composer)
Nov 6, 2024
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate
CVE-2024-49377
was published
for
OctoPrint
(pip)
Nov 5, 2024
Langflow vulnerable to remote code execution
Moderate
CVE-2024-48061
was published
for
langflow
(pip)
Nov 5, 2024
gradio Server Side Request Forgery vulnerability
Moderate
CVE-2024-48052
was published
for
gradio
(pip)
Nov 5, 2024
Access control vulnerable to user data deletion by anonynmous users
Moderate
CVE-2024-51734
was published
for
AccessControl
(pip)
Nov 4, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
Safearchive Path Traversal vulnerability
Moderate
CVE-2024-10389
was published
for
github.com/google/safearchive
(Go)
Nov 4, 2024
changedetection.io Path Traversal
Moderate
CVE-2024-51483
was published
for
changedetection.io
(pip)
Nov 1, 2024
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Moderate
CVE-2024-21510
was published
for
sinatra
(RubyGems)
Nov 1, 2024
Glossarizer Cross-site Scripting vulnerability
Moderate
CVE-2024-42515
was published
for
glossarizer
(npm)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API