Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,161 advisories

Loading
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse. Low
GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
Monolog Header injection in NativeMailerHandler Low
GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) May 15, 2024
Laravel Encrypter Failure to decryption vulnerability Low
GHSA-6wjw-qf87-fv5v was published for illuminate/encryption (Composer) May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive Low
GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
fdiakh
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Ant Media Server does not properly authorize non-administrative API calls Low
CVE-2024-3462 was published for io.antmedia:ant-media-server (Maven) May 14, 2024
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page Low
GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) May 14, 2024 withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
Kimai information disclosure vulnerability Low
CVE-2024-4596 was published for kimai/kimai (Composer) May 7, 2024
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Low
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph
Firebase vulnerable to CRSF attack Low
CVE-2024-4128 was published for firebase-tools (npm) May 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database