Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

9,130 advisories

Loading
Password Pusher Allows Session Token Interception Leading to Potential Hijacking Moderate
CVE-2024-56733 was published for pwpush (RubyGems) Dec 30, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php Moderate
CVE-2024-56517 was published for tltneon/lgsl (Composer) Dec 30, 2024
tCu0n9
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 r0path
Dcat-Admin Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-54775 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Dcat Admin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2024-54774 was published for dcat/laravel-admin (Composer) Dec 28, 2024
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for Quart (pip) Oct 25, 2024
defnull
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts Moderate
CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer) Dec 27, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Jinja has a sandbox breakout through indirect reference to format method Moderate
CVE-2024-56326 was published for jinja2 (pip) Dec 23, 2024
Lydxn despawningbone
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
TunnelVision - decloaking VPNs using DHCP Moderate
GHSA-hqmp-g7ph-x543 was published for quincy (Rust) Dec 27, 2024
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
CVE-2024-56510 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Apache HugeGraph-Server: Fixed JWT Token (Secret) Moderate
CVE-2024-43441 was published for org.apache.hugegraph:hugegraph-server (Maven) Dec 24, 2024
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
Jinja has a sandbox breakout through malicious filenames Moderate
CVE-2024-56201 was published for jinja2 (pip) Dec 23, 2024
sleiner sisp
keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Chetven
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` Moderate
GHSA-wrw7-89jp-8q8g was published for glib (Rust) Dec 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database