Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

977 advisories

Loading
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user Moderate
GHSA-j9xq-j329-2xvg was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022 withdrawn
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
arvindshmicrosoft
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Browsershot Local File Inclusion High
CVE-2024-21544 was published for spatie/browsershot (Composer) Dec 13, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
offscriptian alexandre-daubois
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
CVE-2024-12401 was published for github.com/cert-manager/cert-manager (Go) Dec 12, 2024 withdrawn
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
Koji blacklisted paths workaround High
CVE-2017-1002153 was published for koji (pip) May 13, 2022
Improper Input Validation in mindsdb Moderate
CVE-2023-49796 was published for mindsdb (pip) Dec 12, 2023
sylwia-budzynska
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
OpenStack Compute (Nova) Improper Input Validation Moderate
CVE-2012-2654 was published for nova (pip) May 17, 2022
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Apache Airflow Drill Provider vulnerable to improper input validation High
CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip) Apr 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database