Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,203 advisories

Loading
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
OpenStack Ironic fails to verify checksums of supplied image_source URLs Moderate
CVE-2024-47211 was published for ironic (pip) Oct 4, 2024
JSON-lib mishandles an unbalanced comment string Moderate
CVE-2024-47855 was published for org.kordamp.json:json-lib-core (Maven) Oct 4, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source High
GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
dellalibera
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings High
GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results Moderate
GHSA-cfqx-f43m-vfh7 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
Sentry SDK Prototype Pollution gadget in JavaScript SDKs Moderate
GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
Vulnerable juju introspection abstract UNIX domain socket Moderate
CVE-2024-8038 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock
Vulnerable juju hook tool abstract UNIX domain socket Moderate
CVE-2024-8037 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock phvalguima
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
3v1n0 didrocks
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend Moderate
CVE-2024-47762 was published for @backstage/plugin-app-backend (npm) Oct 3, 2024
JUJU_CONTEXT_ID is a predictable authentication secret Moderate
CVE-2024-7558 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock lucistanescu
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro-parent (Maven) Oct 3, 2024
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database