Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,916 advisories

Loading
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
catferq
UnoPim Stored XSS : Cookie hijacking through Create User function Moderate
CVE-2024-52305 was published for unopim/unopim (Composer) Nov 13, 2024
yamerooo123
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse m0xr4
stof
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds Moderate
CVE-2024-45594 was published for decidim-meetings (RubyGems) Nov 13, 2024
whotwagner
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
DotNetZip Directory Traversal vulnerability High
CVE-2024-48510 was published for DotNetZip (NuGet) Nov 13, 2024
Foorcee
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
nullchilly
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution High
CVE-2024-52291 was published for craftcms/cms (Composer) Nov 13, 2024
senzee1984
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
.NET Remote Code Execution Vulnerability Critical
CVE-2024-43498 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
matt-phylum
.NET Denial of Service Vulnerability Low
CVE-2024-43499 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
Cross Site Scripting vulnerability in Snipe-IT High
CVE-2024-51093 was published for snipe/snipe-it (Composer) Nov 12, 2024
Zoraxy has an authenticated command injection in the Web SSH feature High
CVE-2024-52010 was published for github.com/tobychui/zoraxy (Go) Nov 12, 2024
n-thumann
Mimalloc Can Allocate Memory with Bad Alignment Moderate
GHSA-g23h-7vf9-xc25 was published for mimalloc (Rust) Nov 12, 2024
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse Moderate
GHSA-pqpw-89w5-82v5 was published for simd-json-derive (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
`fast-float` has multiple soundness issues Low
GHSA-x8jh-xj3x-gx3c was published for fast-float (Rust) Nov 12, 2024
Orchid Platform has Method Exposure Vulnerability in Modals Moderate
CVE-2024-51992 was published for orchid/platform (Composer) Nov 12, 2024
catferq
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal Moderate
CVE-2024-50336 was published for matrix-js-sdk (npm) Nov 12, 2024
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b
Decidim-Awesome has SQL injection in AdminAccountability High
CVE-2024-43415 was published for decidim-decidim_awesome (RubyGems) Nov 12, 2024
whotwagner
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database