GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
427 advisories
Filter by severity
Browsershot Improper Input Validation vulnerability
High
CVE-2024-21549
was published
for
spatie/browsershot
(Composer)
Dec 20, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
Browsershot Local File Inclusion
High
CVE-2024-21544
was published
for
spatie/browsershot
(Composer)
Dec 13, 2024
Synapse allows a a malformed invite to break the invitee's `/sync`
High
CVE-2024-52815
was published
for
matrix-synapse
(pip)
Dec 3, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality
High
CVE-2024-45601
was published
for
mesop
(pip)
Sep 18, 2024
Apache DolphinScheduler: RCE by arbitrary js execution
High
CVE-2024-29831
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability
High
CVE-2024-30188
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
Weave server API vulnerable to arbitrary file leak
High
CVE-2024-7340
was published
for
weave
(pip)
Jul 31, 2024
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
Absent Input Validation in BinaryHttpParser
High
CVE-2024-40642
was published
for
io.netty.incubator:netty-incubator-codec-bhttp
(Maven)
Jul 18, 2024
Mimekit has vulnerable dependency that can lead to denial of service
High
GHSA-gmc6-fwg3-75m5
was published
for
MimeKit
(NuGet)
Jul 11, 2024
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Spring Cloud Function Framework vulnerable to Denial of Service
High
CVE-2024-22271
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Jul 9, 2024
Arbitrary File Creation in opencart
High
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
High
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
Moodle ReCAPTCHA can be bypassed on the login page
High
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Improper Input Validation
High
CVE-2024-33999
was published
for
moodle/moodle
(Composer)
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API