Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

31,043 advisories

Loading
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion High
CVE-2024-49769 was published for waitress (pip) Oct 29, 2024
djay Credited to djay, d-maurer, and digitalresistor d-maurer d-maurer
digitalresistor digitalresistor
Mattermost server allows authenticated user to delete arbitrary post Moderate
CVE-2024-50052 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery Moderate
CVE-2024-46872 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Apache NiFi Cross-site Scripting vulnerability Moderate
CVE-2024-45477 was published for org.apache.nifi:nifi-web-ui (Maven) Oct 29, 2024
exceptionfactory Credited to exceptionfactory
Mattermost Server allows user to get private channel names Moderate
CVE-2024-10241 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response Moderate
CVE-2024-47401 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape High
GHSA-25pw-q952-x37g was published for pyload-ng (pip) Oct 28, 2024 withdrawn
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs Low
CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') Moderate
GHSA-wcx9-ccpj-hx3c was published for github.com/coder/coder/v2 (Go) Oct 28, 2024
jchristov Credited to jchristov
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Argo Workflows Controller: Denial of Service via malicious daemon Workflows Moderate
CVE-2024-47827 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 28, 2024
meln5674 Credited to meln5674 and agilgur5 agilgur5 agilgur5
Mattermost incorrectly issues two sessions when using desktop SSO Low
CVE-2024-10214 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 28, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep Credited to Fidget-Grep
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API High
CVE-2024-47821 was published for pyload-ng (pip) Oct 28, 2024
anuraagbaishya Credited to anuraagbaishya
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
prabhu Credited to prabhu
useragent Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26311 was published for useragent (npm) Oct 26, 2024
dsimk Credited to dsimk
CommonRegexJS Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26305 was published for commonregex (npm) Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26304 was published for foundation-sites (npm) Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service Moderate
CVE-2020-26303 was published for insane (npm) Oct 26, 2024
nope-validator Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26309 was published for nope-validator (npm) Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26306 was published for knwl.js (npm) Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26308 was published for validate.js (npm) Oct 26, 2024
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database