Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,761
Maven
5,000+
npm
4,368
NuGet
767
pip
4,137
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

453 advisories

Loading
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Credited to oscerd and westonsteimel
Deno's improper suffix match testing for DENO_AUTH_TOKENS Moderate
CVE-2024-27932 was published for deno (Rust) Mar 6, 2024
easrng mmastrac
Credited to easrng and mmastrac
Insufficient permission checking in `Deno.makeTemp*` APIs Moderate
CVE-2024-27931 was published for deno (Rust) Mar 5, 2024
ericcornelissen mmastrac
Credited to ericcornelissen and mmastrac
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd
Credited to oscerd
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Credited to oscerd
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
Minder trusts client-provided mapping from repo name to upstream ID Moderate
CVE-2024-27093 was published for github.com/stacklok/minder (Go) Feb 26, 2024
evankanderson
Credited to evankanderson
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module Moderate
GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
dongsam sushiwushi
Credited to dongsam and sushiwushi
Privilege escalation for users that can access mock configuration Moderate
CVE-2023-6395 was published for templated_dictionary (pip) Jan 16, 2024
Duplicate Advisory: Microsoft Identity Denial of service vulnerability Moderate
GHSA-8g9c-28fc-mcx2 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024 withdrawn
morganbr brentschmaltz
GeoK keegan-caruso jennyf19 jmprieur
Credited to morganbr, brentschmaltz, GeoK, keegan-caruso, jennyf19, and jmprieur
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Credited to iainsproat
WSO2 API Manager allows attackers to change the API rating Moderate
CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven) Dec 15, 2023
Cube API denial of service attack Moderate
CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) Dec 13, 2023
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat
Credited to cod3beat
Improper Input Validation in mindsdb Moderate
CVE-2023-49796 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
Credited to sylwia-budzynska
DockerSpawner allows any image by default Moderate
CVE-2023-48311 was published for dockerspawner (pip) Dec 8, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Moderate
CVE-2023-47106 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Benasin
Credited to Benasin
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity Moderate
CVE-2023-48631 was published for @adobe/css-tools (npm) Nov 30, 2023
aiohttp's ClientSession is vulnerable to CRLF injection via version Moderate
CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023
jnovikov
Credited to jnovikov
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
Credited to jnovikov
JWT Algorithm Confusion Moderate
CVE-2023-48223 was published for fast-jwt (npm) Nov 20, 2023
PinkDraconian
Credited to PinkDraconian
OpenNMS Cross-site Scripting vulnerability Moderate
CVE-2023-40314 was published for org.opennms:opennms-webapp (Maven) Nov 17, 2023
Eclipse Parsson Denial of Service vulnerability Moderate
CVE-2023-4043 was published for org.eclipse.parsson:project (Maven) Nov 3, 2023
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database