GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,423 advisories
Filter by severity
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Querydsl vulnerable to HQL injection trough orderBy
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 27, 2024
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
High
CVE-2024-54003
was published
for
io.jenkins.plugins:simple-queue
(Maven)
Nov 27, 2024
@lobehub/chat Server Side Request Forgery vulnerability
High
CVE-2024-32965
was published
for
@lobehub/chat
(npm)
Nov 26, 2024
aiocpa contains credential harvesting code
High
GHSA-486g-47cc-8wxf
was published
for
aiocpa
(pip)
Nov 25, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
High
GHSA-5xr6-xhww-33m4
was published
for
dawidd6/action-download-artifact
(GitHub Actions)
Nov 25, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
High
GHSA-7f6p-phw2-8253
was published
for
github.com/taurusgroup/multi-party-sig
(Go)
Nov 25, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Tornado has an HTTP cookie parsing DoS vulnerability
High
CVE-2024-52804
was published
for
tornado
(pip)
Nov 22, 2024
GeoNode Server Side Request forgery
High
CVE-2023-40017
was published
for
geonode
(pip)
Nov 21, 2024
Flowise OverrideConfig security vulnerability
High
GHSA-5cph-wvm9-45gj
was published
for
flowise
(npm)
Nov 21, 2024
LLama Factory Remote OS Command Injection Vulnerability
High
CVE-2024-52803
was published
for
llamafactory
(pip)
Nov 21, 2024
Litestar allows unbounded resource consumption (DoS vulnerability)
High
CVE-2024-52581
was published
for
litestar
(pip)
Nov 20, 2024
Duplicate Advisory: Querydsl SQL/HQL injection
High
GHSA-wpvf-5mc3-hv6m
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
•
withdrawn
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
High
GHSA-7225-m954-23v7
was published
for
cosmossdk.io/math
(Go)
Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
ProTip!
Advisories are also available from the
GraphQL API