Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,135 advisories

Loading
OpenShift Controller Manager Improper Privilege Management Critical
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Critical
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Low
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Apache Seata Deserialization of Untrusted Data vulnerability High
CVE-2024-22399 was published for org.apache.seata:seata-core (Maven) Sep 16, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability Moderate
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
Aim Stored XSS through TEXT EXPLORER Moderate
CVE-2024-8863 was published for aim (pip) Sep 16, 2024
Composio Path Traversal vulnerability Moderate
CVE-2024-8865 was published for composio-core (pip) Sep 16, 2024
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
Ansible vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
Lunary Improper Authentication vulnerability Moderate
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
Lunary information disclosure vulnerability Moderate
CVE-2024-6867 was published for lunary (npm) Sep 13, 2024
Lunary improper access control vulnerability Moderate
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
LiteLLM Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-6587 was published for litellm (pip) Sep 13, 2024
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webmvc (Maven) Sep 13, 2024
Malayke
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database