Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,932 advisories

Loading
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
In regclient, pinned manifest digests may be ignored Moderate
GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Moderate
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
openstack-heat may disclose sensitive information Moderate
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Podman vulnerable to memory-based denial of service Moderate
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
Apache Linkis vulnerable to privilege escalation Moderate
CVE-2024-27181 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Apache Linkis arbitrary file deletion vulnerability Moderate
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Bostr Improper Authorization vulnerability Moderate
CVE-2024-41962 was published for bostr (npm) Aug 2, 2024
cxplay
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels Moderate
CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling Moderate
CVE-2024-39832 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string Moderate
CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
PheonixAppAPI has visible Encoding Maps Moderate
CVE-2024-41951 was published for PheonixAppAPI (pip) Jul 31, 2024
AkshuDev
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
MobSF vulnerable to Open Redirect in Login Redirect Moderate
CVE-2024-41955 was published for mobsf (pip) Jul 31, 2024
IdentityServer Open Redirect vulnerability Moderate
GHSA-55p7-v223-x366 was published for IdentityServer4 (NuGet) Jul 31, 2024
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
GHSA-gc5h-6jx9-q2qh was published for ezsystems/ezplatform-admin-ui (Composer) Jul 31, 2024
4rdr
Harbor fails to validate the user permissions when updating project configurations Moderate
CVE-2024-22278 was published for github.com/goharbor/harbor (Go) Jul 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database