Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,339 advisories

Loading
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Security Update for the OPC UA .NET Standard Stack High
GHSA-qm9f-c3v9-wphv was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Permissive Regular Expression in tacquito High
GHSA-p5wf-cmr4-xrwr was published for github.com/facebookincubator/tacquito (Go) Oct 18, 2024
Spring Framework DataBinder Case Sensitive Match Exception Low
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow Moderate
CVE-2024-48924 was published for MessagePack (NuGet) Oct 17, 2024
AArnott neuecc
GrabYourPitchforks
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Low
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Low
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Low
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
Infinite loop in github.com/gomarkdown/markdown Moderate
CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go) Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate
CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
Starlette Denial of service (DoS) via multipart/form-data High
CVE-2024-47874 was published for starlette (pip) Oct 15, 2024
defnull
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Hano allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database