GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,952 advisories
Filter by severity
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-fwfx-rrv8-crpf
was published
for
rustyscript
(Rust)
Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-4mw5-2636-4535
was published
for
js-sandbox
(Rust)
Dec 4, 2024
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
High
CVE-2024-39163
was published
for
pyspider
(pip)
Dec 4, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type
Low
GHSA-f95p-4cv5-8w8x
was published
for
linkme
(Rust)
Dec 4, 2024
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
High
CVE-2024-54131
was published
for
github.com/kolide/launcher
(Go)
Dec 3, 2024
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate
CVE-2024-53999
was published
for
mobsf
(pip)
Dec 3, 2024
Synapse Matrix has a partial room state leak via Sliding Sync
Moderate
CVE-2024-53867
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
High
CVE-2024-53863
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync`
High
CVE-2024-52815
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion
High
CVE-2024-52805
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Synapse denial of service through media disk space consumption
High
CVE-2024-37302
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Apache Ozone: Improper authentication when generating S3 secrets
High
CVE-2024-45106
was published
for
org.apache.ozone:ozone
(Maven)
Dec 3, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53989
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode
Moderate
CVE-2024-53862
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Dec 2, 2024
BunkerWeb has Open Redirect Vulnerability in Loading Page
Moderate
CVE-2024-53264
was published
for
github.com/bunkerity/bunkerweb
(Go)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53987
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53988
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53986
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations
Low
CVE-2024-53985
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API