GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,944 advisories
Filter by severity
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
High
CVE-2024-54141
was published
for
thorsten/phpmyfaq
(Composer)
Dec 6, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle
High
CVE-2024-53908
was published
for
Django
(pip)
Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
Moderate
CVE-2024-53457
was published
for
librenms/librenms
(Composer)
Dec 6, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Build corruption when using `PYO3_CONFIG_FILE` environment variable
Moderate
GHSA-vxcf-c7mx-pg53
was published
for
pyo3
(Rust)
Dec 5, 2024
Unsound usages of `std::slice::from_raw_parts`
Low
GHSA-gw5w-5j7f-jmjj
was published
for
pprof
(Rust)
Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
Drupal core Denial of Service
High
CVE-2024-11941
was published
for
drupal/core
(Composer)
Dec 5, 2024
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
High
CVE-2022-41137
was published
for
org.apache.hive:hive-exec
(Maven)
Dec 5, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-fwfx-rrv8-crpf
was published
for
rustyscript
(Rust)
Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-4mw5-2636-4535
was published
for
js-sandbox
(Rust)
Dec 4, 2024
pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints
High
CVE-2024-39163
was published
for
pyspider
(pip)
Dec 4, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type
Low
GHSA-f95p-4cv5-8w8x
was published
for
linkme
(Rust)
Dec 4, 2024
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
ProTip!
Advisories are also available from the
GraphQL API