GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,640 advisories
Filter by severity
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Moderate
CVE-2024-52304
was published
for
aiohttp
(pip)
Nov 18, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Moderate
GHSA-jp37-5qhw-mffw
was published
for
sharks
(Rust)
Nov 18, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
Apache Tomcat - XSS in generated JSPs
Moderate
CVE-2024-52318
was published
for
org.apache.tomcat:tomcat-jasper
(Maven)
Nov 18, 2024
django CMS Cross-Site Scripting (XSS)
Critical
CVE-2024-11319
was published
for
django-cms
(pip)
Nov 18, 2024
Apache Tomcat Request and/or response mix-up
Moderate
CVE-2024-52317
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Apache Tomcat - Authentication Bypass
Critical
CVE-2024-52316
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Nov 18, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Moderate
CVE-2024-11023
was published
for
firebase
(npm)
Nov 18, 2024
Spring MVC controller vulnerable to a DoS attack
Moderate
CVE-2024-38828
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 18, 2024
Debezium database connector has a script injection vulnerability
Moderate
CVE-2023-1419
was published
for
io.debezium:debezium-connector-mysql
(Maven)
Nov 17, 2024
OpenStack improperly deletes access rules
Moderate
CVE-2023-6110
was published
for
python-openstackclient
(pip)
Nov 17, 2024
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
High
CVE-2024-52526
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Low
CVE-2024-21539
was published
for
@eslint/plugin-kit
(npm)
Nov 15, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API