Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,172 advisories

Loading
Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-9344-p847-qm5c was published for sequoia-openpgp (Rust) Jun 26, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document Low
CVE-2024-38364 was published for org.dspace:dspace-server-webapp (Maven) Jun 25, 2024
Xib3rR4dAr
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console Low
CVE-2024-5967 was published for org.keycloak:keycloak-ldap-federation (Maven) Jun 21, 2024
MarkLee131
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials Low
GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) Jun 18, 2024 withdrawn
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS Low
CVE-2024-36287 was published for mattermost-desktop (npm) Jun 14, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Keycloak Denial of Service via account lockout Low
GHSA-cq42-vhv7-xr7p was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Keycloak's improper input validation allows using email as username Low
GHSA-4vc8-pg5c-vg4x was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Typo3 Information Disclosure in Page Tree Low
GHSA-h934-f4m4-wc8x was published for typo3/cms (Composer) Jun 5, 2024
Information Disclosure in TYPO3 CMS Low
GHSA-c7p6-3c9c-f88q was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database