GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20,135 advisories
Filter by severity
serve-static vulnerable to template injection that can lead to XSS
Moderate
CVE-2024-43800
was published
for
serve-static
(npm)
Sep 10, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
express vulnerable to XSS via response.redirect()
Moderate
CVE-2024-43796
was published
for
express
(npm)
Sep 10, 2024
Keycloak Denial of Service vulnerability
Moderate
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
body-parser vulnerable to denial of service when url encoding is enabled
High
CVE-2024-45590
was published
for
body-parser
(npm)
Sep 10, 2024
node-gettext vulnerable to Prototype Pollution
Moderate
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
ThinkPHP deserialization vulnerability
Critical
CVE-2024-44902
was published
for
topthink/framework
(Composer)
Sep 9, 2024
Keycloak Uses a Key Past its Expiration Date
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Open Redirect vulnerability
Moderate
CVE-2024-7260
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
Twig has a possible sandbox bypass
High
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate
CVE-2024-45406
was published
for
craftcms/cms
(Composer)
Sep 9, 2024
Httpful is Missing Certificate Validation
Moderate
GHSA-gcfg-hmwx-wq5h
was published
for
nategood/httpful
(Composer)
Sep 9, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape
Critical
GHSA-r9pp-r4xf-597r
was published
for
pyload-ng
(pip)
Sep 9, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8372
was published
for
angular
(npm)
Sep 9, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate
CVE-2024-8572
was published
for
github.com/gouniverse/cms
(Go)
Sep 8, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges
High
CVE-2024-45034
was published
for
apache-airflow
(pip)
Sep 7, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information
High
CVE-2022-46156
was published
for
github.com/grafana/synthetic-monitoring-agent
(Go)
Sep 6, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797
was published
for
github.com/pomerium/pomerium
(Go)
Sep 6, 2024
ProTip!
Advisories are also available from the
GraphQL API