GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,807 advisories

fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 bensheldon
Kanister vulnerable to cluster-level privilege escalation High
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024
younaman
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0
Pillow buffer overflow vulnerability Moderate
CVE-2024-28219 was published for pillow (pip) Apr 3, 2024
Undertow Path Traversal vulnerability Moderate
CVE-2024-1459 was published for io.undertow:undertow-core (Maven) Feb 12, 2024
OrangeDog
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for github.com/lf-edge/ekuiper (Go) Aug 20, 2024
leonnewton
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files High
CVE-2024-43399 was published for mobsf (pip) Aug 19, 2024
bulutenes
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor Moderate
CVE-2024-42369 was published for matrix-js-sdk (npm) Aug 20, 2024
morguldir
Umbraco CMS Improper Access Control vulnerability Moderate
CVE-2024-43377 was published for Umbraco.Cms (NuGet) Aug 20, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-43376 was published for Umbraco.Cms.Api.Management (NuGet) Aug 20, 2024
Aim Stored Cross-site Scripting Vulnerability Moderate
CVE-2024-6578 was published for aim (pip) Jul 29, 2024
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024