Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

7,078 advisories

Loading
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source High
GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings High
GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
3v1n0 didrocks
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability High
GHSA-85qf-6845-m8p2 was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability High
CVE-2024-9355 was published for github.com/golang-fips/openssl/v2 (Go) Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact High
CVE-2024-47534 was published for github.com/theupdateframework/go-tuf/v2 (Go) Oct 1, 2024
AdamKorcz
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon ctcpip
AdamKorcz blakeembrey
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-3hp8-6j24-m5gm was published for camaleon_cms (RubyGems) Sep 23, 2024
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database