GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,201 advisories
Filter by severity
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Low
CVE-2024-51755
was published
for
twig/twig
(Composer)
Nov 6, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low
CVE-2024-51754
was published
for
twig/twig
(Composer)
Nov 6, 2024
Symfony vulnerable to open redirect via browser-sanitized URLs
Low
CVE-2024-50345
was published
for
symfony/http-foundation
(Composer)
Nov 6, 2024
Symfony has an incorrect response from Validator when input ends with `\n`
Low
CVE-2024-50343
was published
for
symfony/symfony
(Composer)
Nov 6, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Low
CVE-2024-50342
was published
for
symfony/http-client
(Composer)
Nov 6, 2024
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51753
was published
for
@workos-inc/authkit-remix
(npm)
Nov 5, 2024
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Low
CVE-2024-51752
was published
for
@workos-inc/authkit-nextjs
(npm)
Nov 5, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Low
CVE-2024-51744
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Nov 4, 2024
Umbraco CMS Cross-site Scripting vulnerability
Low
CVE-2024-10761
was published
for
Umbraco.Cms.Core
(NuGet)
Nov 4, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
@langchain/community SQL Injection vulnerability
Low
CVE-2024-7042
was published
for
@langchain/community
(npm)
Oct 29, 2024
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
Mattermost incorrectly issues two sessions when using desktop SSO
Low
CVE-2024-10214
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 28, 2024
Funadmin Cross-site Scripting vulnerability
Low
CVE-2024-48228
was published
for
funadmin/funadmin
(Composer)
Oct 26, 2024
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
Low
GHSA-rjfv-pjvx-mjgv
was published
for
sigs.k8s.io/aws-load-balancer-controller
(Go)
Oct 24, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Low
CVE-2024-48925
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
Admidio Vulnerable to HTML Injection In The Messages Section
Low
CVE-2024-47836
was published
for
admidio/admidio
(Composer)
Oct 16, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Low
CVE-2024-9506
was published
for
vue
(npm)
Oct 15, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API