Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

31,043 advisories

Loading
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky Credited to adityasaky
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot Credited to n00b-bot
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi Credited to jacopotediosi
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates Moderate
CVE-2024-49377 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi Credited to jacopotediosi
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
gradio Server Side Request Forgery vulnerability Moderate
CVE-2024-48052 was published for gradio (pip) Nov 5, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 Credited to n1k9, d-maurer, perrinjerome, and dataflake d-maurer d-maurer
perrinjerome perrinjerome dataflake dataflake
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml Credited to sofiaml and glennawatson glennawatson glennawatson
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`) High
GHSA-82j3-hf72-7x93 was published for com.reposilite:reposilite-backend (Maven) Nov 4, 2024
artsploit Credited to artsploit
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec Credited to yuligesec
loona-hpack Panic Vulnerability Moderate
CVE-2024-51502 was published for loona-hpack (Rust) Nov 4, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Apache Kylin Session Fixation vulnerability High
CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
Safearchive Path Traversal vulnerability Moderate
CVE-2024-10389 was published for github.com/google/safearchive (Go) Nov 4, 2024
Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability Low
GHSA-4gmq-m9vp-jrwg was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024 withdrawn
AndyButland Credited to AndyButland
changedetection.io Path Traversal Moderate
CVE-2024-51483 was published for changedetection.io (pip) Nov 1, 2024
chasebowman-contrast Credited to chasebowman-contrast
Path traversal in oak allows transfer of hidden files within the served root directory High
CVE-2024-49770 was published for @oakserver/oak (npm) Nov 1, 2024
NeKzor Credited to NeKzor
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision Moderate
CVE-2024-21510 was published for sinatra (RubyGems) Nov 1, 2024
ThomasKoppensteiner Credited to ThomasKoppensteiner
Plenti arbitrary file deletion vulnerability High
CVE-2024-49381 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Glossarizer Cross-site Scripting vulnerability Moderate
CVE-2024-42515 was published for glossarizer (npm) Oct 31, 2024
Ollama Out-of-bounds Read High
CVE-2024-39720 was published for github.com/ollama/ollama (Go) Oct 31, 2024
Gnark out-of-memory during deserialization with crafted inputs Moderate
CVE-2024-50354 was published for github.com/consensys/gnark (Go) Oct 31, 2024
pventuzelo Credited to pventuzelo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database