GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,146 advisories
Filter by severity
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Keycloak Denial of Service via account lockout
Low
GHSA-cq42-vhv7-xr7p
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Low
CVE-2021-41089
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
evmos allows transferring unvested tokens after delegations
Low
CVE-2024-32873
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Typo3 Information Disclosure in Page Tree
Low
GHSA-h934-f4m4-wc8x
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Information Disclosure in TYPO3 CMS
Low
GHSA-c7p6-3c9c-f88q
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries
Low
GHSA-4m3g-6r7g-jv4f
was published
for
gradio_pdf
(pip)
Jun 5, 2024
SQL Injection in Harbor scan log API
Low
CVE-2024-22261
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms
Low
CVE-2024-36119
was published
for
statamic/cms
(Composer)
Jun 2, 2024
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
silverstripe/framework sends passwords back to browsers under some circumstances
Low
GHSA-vh7q-j8p5-2h4h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework password encryption salt not updated
Low
GHSA-f3wp-xpv2-6vmg
was published
for
silverstripe/framework
(Composer)
May 27, 2024
github.com/huandu/facebook may expose access_token in error message.
Low
CVE-2024-35232
was published
for
github.com/huandu/facebook/v2
(Go)
May 24, 2024
ProTip!
Advisories are also available from the
GraphQL API