Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,255
Erlang
31
GitHub Actions
21
Go
2,021
Maven
5,000+
npm
3,728
NuGet
662
pip
3,406
Pub
12
RubyGems
890
Rust
862
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,826 advisories

Loading
lxd CA certificate sign check bypass Low
CVE-2024-6156 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
league/commonmark's quadratic complexity bugs may lead to a denial of service High
GHSA-c2pc-g5qf-rfrf was published for league/commonmark (Composer) Dec 9, 2024
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
Directus allows unauthenticated access to WebSocket events and operations High
CVE-2024-54151 was published for @directus/api (npm) Dec 9, 2024
SeanDylanGoff fishuke
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases Moderate
CVE-2024-53948 was published for apache-superset (pip) Dec 9, 2024
Infinite loop in nanoid Low
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
oskar-zeinomahmalat-sonarsource reidbaker
stuartmorgan
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen
Django SQL injection in HasKey(lhs, rhs) on Oracle High
CVE-2024-53908 was published for Django (pip) Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
Build corruption when using `PYO3_CONFIG_FILE` environment variable Moderate
GHSA-vxcf-c7mx-pg53 was published for pyo3 (Rust) Dec 5, 2024
Unsound usages of `std::slice::from_raw_parts` Low
GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages High
CVE-2024-53857 was published for pgp (Rust) Dec 5, 2024
invd hko-s
link2xt dignifiedquire
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
invd hko-s
dignifiedquire link2xt
Drupal core vulnerable to improper error handling Moderate
CVE-2024-11942 was published for drupal/core (Composer) Dec 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database