GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,908 advisories
Filter by severity
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability
Moderate
CVE-2024-39613
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Composio Code Injection Vulnerability
Moderate
CVE-2024-8864
was published
for
composio-core
(pip)
Sep 16, 2024
Composio Path Traversal vulnerability
Moderate
CVE-2024-8865
was published
for
composio-core
(pip)
Sep 16, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-8775
was published
for
ansible-core
(pip)
Sep 16, 2024
Lunary improper access control vulnerability
Moderate
CVE-2024-6087
was published
for
lunary
(npm)
Sep 13, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-6862
was published
for
lunary
(npm)
Sep 13, 2024
Lunary information disclosure vulnerability
Moderate
CVE-2024-6867
was published
for
lunary
(npm)
Sep 13, 2024
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
whatsapp-api-js fails to validate message's signature
Moderate
CVE-2024-45607
was published
for
whatsapp-api-js
(npm)
Sep 12, 2024
MindsDB Cross-site Scripting vulnerability
Moderate
CVE-2024-45856
was published
for
mindsdb
(pip)
Sep 12, 2024
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Moderate
GHSA-rjc6-vm4h-85cg
was published
for
aws-sam-cli
(pip)
Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Moderate
GHSA-635v-pc42-fr74
was published
for
sagemaker-training
(pip)
Sep 11, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
Eclipse Glassfish URL redirection vulnerability
Moderate
CVE-2024-8646
was published
for
org.glassfish.main.web:web-core
(Maven)
Sep 11, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
send vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43799
was published
for
send
(npm)
Sep 10, 2024
serve-static vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Moderate
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
Keycloak Denial of Service vulnerability
Moderate
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
node-gettext vulnerable to Prototype Pollution
Moderate
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
Keycloak Open Redirect vulnerability
Moderate
CVE-2024-7260
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Uses a Key Past its Expiration Date
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
ProTip!
Advisories are also available from the
GraphQL API