GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,856 advisories
Filter by severity
Adyen APIs Library for Python timing attack vulnerability
Moderate
GHSA-f3q4-ggfp-jv34
was published
for
Adyen
(pip)
Aug 30, 2024
GeoServer style upload functionality vulnerable to XML External Entity (XXE) injection
Moderate
CVE-2023-26043
was published
for
GeoNode
(pip)
Aug 30, 2024
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-45047
was published
for
svelte
(npm)
Aug 30, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
Serilog Client IP Spoofing vulnerability
Moderate
CVE-2024-44930
was published
for
Serilog.Enrichers.ClientInfo
(NuGet)
Aug 29, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information
Moderate
CVE-2024-45046
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
FeehiCMS User[avatar] unrestricted upload
Moderate
CVE-2024-8296
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS BannerForm[img] unrestricted upload
Moderate
CVE-2024-8295
was published
for
feehi/cms
(Composer)
Aug 29, 2024
FeehiCMS file upload vulnerability
Moderate
CVE-2024-8294
was published
for
feehi/cms
(Composer)
Aug 29, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
Directus has an insecure object reference via PATH presets
Moderate
GHSA-3fff-gqw3-vj86
was published
for
directus
(npm)
Aug 27, 2024
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
Moderate
CVE-2024-45037
was published
for
aws-cdk
(npm)
Aug 27, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
GHSA-r3jq-4r5c-j9hp
was published
for
taipy
(pip)
Aug 27, 2024
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Moderate
CVE-2024-43788
was published
for
webpack
(npm)
Aug 27, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate
CVE-2024-42818
was published
for
fastapi-admin
(pip)
Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate
CVE-2024-42816
was published
for
fastapi-admin
(pip)
Aug 26, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
Automad Cross-site Scripting vulnerability
Moderate
CVE-2024-40111
was published
for
automad/automad
(Composer)
Aug 23, 2024
•
withdrawn
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45189
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45190
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI incorrectly gives privileges to users with deleted accounts
Moderate
CVE-2024-45187
was published
for
mage-ai
(pip)
Aug 23, 2024
Mage AI Path Traversal vulnerability
Moderate
CVE-2024-45188
was published
for
mage-ai
(pip)
Aug 23, 2024
ProTip!
Advisories are also available from the
GraphQL API