Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,069
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,627
NuGet
638
pip
3,239
Pub
10
RubyGems
858
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,909 advisories

Loading
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection Moderate
CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability Moderate
CVE-2024-45816 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability Moderate
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate
CVE-2024-45812 was published for vite (npm) Sep 17, 2024
jackfromeast ishmeals
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
Kimai has an XXE Leading to Local File Read Moderate
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 PH7-Jack
Sentry improperly authorizes deletion of user issue alert notifications Moderate
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
LangChain pickle deserialization of untrusted data Moderate
CVE-2024-5998 was published for langchain (pip) Sep 17, 2024
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability Moderate
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
Lunary improper access control vulnerability Moderate
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
ProTip! Advisories are also available from the GraphQL API