Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,096 advisories

Loading
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
Kimai has an XXE Leading to Local File Read Moderate
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
vLLM denial of service vulnerability High
CVE-2024-8768 was published for vllm (pip) Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 PH7-Jack
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Sentry improperly authorizes deletion of user issue alert notifications Moderate
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
LangChain pickle deserialization of untrusted data Moderate
CVE-2024-5998 was published for langchain-community (pip) Sep 17, 2024
BarrensZeppelin
OpenShift Controller Manager Improper Privilege Management Critical
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Critical
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
Mattermost Desktop App fails to safeguard screen capture functionality Low
CVE-2024-39772 was published for mattermost-desktop (npm) Sep 16, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
Apache Seata Deserialization of Untrusted Data vulnerability High
CVE-2024-22399 was published for org.apache.seata:seata-core (Maven) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability Moderate
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API