Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,147 advisories

Loading
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
Plone Denial of Service vulnerability via decompressing large zip archives Low
CVE-2013-4199 was published for plone (pip) May 17, 2022
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Incorrect Provision of Specified Functionality in qutebrowser Low
CVE-2020-11054 was published for qutebrowser (pip) May 8, 2020
The-Compiler
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Low
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Low
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Low
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not Low
CVE-2024-48909 was published for github.com/authzed/spicedb (Go) Oct 14, 2024
Eclipse Jetty URI parsing of invalid authority Low
CVE-2024-6763 was published for org.eclipse.jetty:jetty-http (Maven) Oct 14, 2024
zer0yu
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly Low
GHSA-vv6c-69r6-chg9 was published for github.com/landlock-lsm/go-landlock (Go) Oct 14, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py Low
CVE-2024-6971 was published for lollms (pip) Oct 11, 2024
Magento Open Source Improper Access Control vulnerability Low
CVE-2024-45149 was published for magento/community-edition (Composer) Oct 10, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list Low
GHSA-26jh-r8g2-6fpr was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n G-Rath
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Dozzle uses unsafe hash for passwords Low
CVE-2024-47182 was published for github.com/amir20/dozzle (Go) Oct 9, 2024
mohammed90
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database