Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,342 advisories

Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
LocalAI path traversal vulnerability High
CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) Jun 20, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate
GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" Moderate
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials Low
GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) Jun 18, 2024 withdrawn
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher's External RoleTemplates can lead to privilege escalation Moderate
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend High
CVE-2024-34694 was published for lnbits (pip) Jun 17, 2024
Semisol fishcakeday
ProTip! Advisories are also available from the GraphQL API