GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,659 advisories
Filter by severity
HTTP Client uses incorrect token after refresh
Moderate
CVE-2024-51987
was published
for
Duende.AccessTokenManagement.OpenIdConnect
(NuGet)
Nov 7, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
PHPExcel XXE Vulnerability
High
CVE-2015-3542
was published
for
phpoffice/phpexcel
(Composer)
Nov 7, 2024
Devtron has SQL Injection in CreateUser API
High
CVE-2024-45794
was published
for
github.com/devtron-labs/devtron
(Go)
Nov 7, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Low
CVE-2024-51758
was published
for
filament/actions
(Composer)
Nov 7, 2024
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle has arbitrary file read risk through pdfTeX
Moderate
CVE-2024-43426
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle Remote Code Execution vulnerability
High
CVE-2024-43425
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
hibernate-validator Cross-site Scripting vulnerability
Moderate
CVE-2023-1932
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Nov 7, 2024
Undertow Denial of Service vulnerability
Moderate
CVE-2023-1973
was published
for
io.undertow:undertow-core
(Maven)
Nov 7, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
High
CVE-2024-51988
was published
for
rabbit_common
(Erlang)
Nov 6, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Low
CVE-2024-51755
was published
for
twig/twig
(Composer)
Nov 6, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low
CVE-2024-51754
was published
for
twig/twig
(Composer)
Nov 6, 2024
UnoPim Cross-site Scripting vulnerability
Moderate
CVE-2024-50637
was published
for
unopim/unopim
(Composer)
Nov 6, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API