GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
20,093 advisories
Reverb use after free vulnerability
  Moderate: CVE-2024-8375 was published for dm-reverb (pip), Sep 19, 2024
Keycloak SAML signature validation flaw
  High: CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven), Sep 19, 2024
Keycloak Open Redirect vulnerability
  Moderate: CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven), Sep 19, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
  Moderate: GHSA-84jw-g43v-8gjm was published for @rspack/core (npm), Sep 19, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
  Moderate: GHSA-jj94-6f5c-65r8 was published for github.com/zitadel/zitadel/v2 (Go), Sep 19, 2024
ZITADEL's Service Users Deactivation not Working
  High: GHSA-qr2h-7pwm-h393 was published for github.com/zitadel/zitadel/v2 (Go), Sep 19, 2024
ZITADEL's User Grant Deactivation not Working
  High: GHSA-2w5j-qfvw-2hf5 was published for github.com/zitadel/zitadel/v2 (Go), Sep 19, 2024
protobuf-java has potential Denial of Service issue
  High: CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems), Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
  High: CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven), Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability
  High: CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven), Sep 19, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
  Critical: CVE-2024-45410 was published for github.com/traefik/traefik (Go), Sep 19, 2024
Dragonfly2 has hard coded cryptographic key
  Critical: CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go), Sep 19, 2024
Grafana plugin SDK Information Leakage
  Critical: CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go), Sep 19, 2024
LangChain Experimental Eval Injection vulnerability
  Critical: CVE-2024-46946 was published for langchain-experimental (pip), Sep 19, 2024
Mautic has insufficient authentication in upgrade flow
  High: CVE-2022-25770 was published for mautic/core (Composer), Sep 19, 2024
Mautic allows users enumeration due to weak password login
  Moderate: CVE-2024-47059 was published for mautic/core (Composer), Sep 18, 2024
Mautic has insufficient authentication in upgrade flow
  High: CVE-2024-47051 was published for mautic/core (Composer), Sep 18, 2024
Mautic has an XSS in contact tracking and page hits report
  High: CVE-2021-27917 was published for mautic/core (Composer), Sep 18, 2024
Mautic vulnerable to XSS in contact/company tracking (no authentication)
  Moderate: CVE-2024-47050 was published for mautic/core (Composer), Sep 18, 2024
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
  Low: CVE-2024-47058 was published for mautic/core (Composer), Sep 18, 2024
CoreDNS Cache Poisoning via a birthday attack
  Low: CVE-2023-30464 was published for github.com/coredns/coredns (Go), Sep 18, 2024
Chaosblade vulnerable to OS command execution
  Critical: CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go), Sep 18, 2024
Mesop has a local file Inclusion via static file serving functionality
  High: CVE-2024-45601 was published for mesop (pip), Sep 18, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
  High: CVE-2022-25768 was published for mautic/core (Composer), Sep 18, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
  Low: CVE-2024-46989 was published for github.com/authzed/spicedb (Go), Sep 18, 2024
ProTip! Advisories are also available from the GraphQL API