GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,125 advisories
Filter by severity
TunnelVision - decloaking VPNs using DHCP
Moderate
GHSA-hqmp-g7ph-x543
was published
for
quincy
(Rust)
Dec 27, 2024
TCPDF has incorrect comparison
Moderate
CVE-2024-56522
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF missing character escape on error messages
Moderate
CVE-2024-56527
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF lacks SVG sanitization
Moderate
CVE-2024-56519
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts
Moderate
CVE-2024-56520
was published
for
tecnickcom/tc-lib-pdf-font
(Composer)
Dec 27, 2024
python-sql SQL injection vulnerability
Moderate
CVE-2024-9774
was published
for
python-sql
(pip)
Dec 27, 2024
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
Apache HugeGraph-Server: Fixed JWT Token (Secret)
Moderate
CVE-2024-43441
was published
for
org.apache.hugegraph:hugegraph-server
(Maven)
Dec 24, 2024
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Moderate
GHSA-wrw7-89jp-8q8g
was published
for
glib
(Rust)
Dec 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Unsound usages of `u8` type casting in spl-token-swap
Moderate
GHSA-h6xm-c6r4-vmwf
was published
for
spl-token-swap
(Rust)
Dec 23, 2024
libafl has unsound usages of `core::slice::from_raw_parts_mut`
Moderate
GHSA-f7qj-v3vp-4856
was published
for
libafl
(Rust)
Dec 23, 2024
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Moderate
GHSA-3qx8-rv27-j6gp
was published
for
kvm-ioctls
(Rust)
Dec 23, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate
CVE-2024-56364
was published
for
shuchkin/simplexlsx
(Composer)
Dec 23, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
Jinja has a sandbox breakout through malicious filenames
Moderate
CVE-2024-56201
was published
for
jinja2
(pip)
Dec 23, 2024
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55341
was published
for
Piranha
(NuGet)
Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55342
was published
for
Piranha
(NuGet)
Dec 20, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability
Moderate
CVE-2024-55471
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
GHSA-j2v2-3784-vr44
was published
for
opencart/opencart
(Composer)
Dec 18, 2024
•
withdrawn
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
ProTip!
Advisories are also available from the
GraphQL API