Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,740 advisories

Loading
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
JetBrains Ktor information disclosure Moderate
CVE-2024-49580 was published for io.ktor:ktor-client-core-jvm (Maven) Oct 17, 2024
AlexeyTsvetkov
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Moderate
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Moderate
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Moderate
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
MySQL Connector/Python connector takeover vulnerability High
CVE-2024-21272 was published for mysql-connector-python (pip) Oct 15, 2024
m3t3kh4n
Infinite loop in github.com/gomarkdown/markdown Moderate
CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go) Oct 15, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder Moderate
CVE-2024-9594 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function Low
CVE-2024-9506 was published for vue (npm) Oct 15, 2024
m3t3kh4n
Starlette Denial of service (DoS) via multipart/form-data High
CVE-2024-47874 was published for starlette (pip) Oct 15, 2024
defnull
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
KageShiron MathurAditya724
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
CVE-2024-9979 was published for pyo3 (Rust) Oct 15, 2024
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
GHSA-f8x4-f32r-w556 was published for pyo3 (Rust) Oct 15, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database