GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,023 advisories
Filter by severity
CycloneDX cdxgen may execute code contained within build-related files
Moderate
CVE-2024-50611
was published
for
@cyclonedx/cdxgen
(npm)
Oct 28, 2024
useragent Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26311
was published
for
useragent
(npm)
Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26306
was published
for
knwl.js
(npm)
Oct 26, 2024
nope-validator Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26309
was published
for
nope-validator
(npm)
Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26308
was published
for
validate.js
(npm)
Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26304
was published
for
foundation-sites
(npm)
Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service
Moderate
CVE-2020-26303
was published
for
insane
(npm)
Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability
Moderate
CVE-2020-26305
was published
for
commonregex
(npm)
Oct 26, 2024
Werkzeug possible resource exhaustion when parsing file data in forms
Moderate
CVE-2024-49767
was published
for
quart
(pip)
Oct 25, 2024
Werkzeug safe_join not safe on Windows
Moderate
CVE-2024-49766
was published
for
Werkzeug
(pip)
Oct 25, 2024
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate
CVE-2023-26248
was published
for
github.com/libp2p/go-libp2p-kad-dht
(Go)
Oct 25, 2024
The Snowflake Connector for Python stores sensitive data in logs
Moderate
CVE-2024-49750
was published
for
snowflake-connector-python
(pip)
Oct 24, 2024
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Moderate
CVE-2024-49762
was published
for
pterodactyl/panel
(Composer)
Oct 24, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Moderate
GHSA-mpcw-3j5p-p99x
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
Moderate
CVE-2024-47882
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups
Moderate
CVE-2024-47173
was published
for
aimeos/ai-admin-graphql
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Moderate
CVE-2024-46998
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Moderate
CVE-2024-46996
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
Moderate
CVE-2024-46995
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
Moderate
CVE-2024-46994
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Moderate
CVE-2024-49756
was published
for
ash_postgres
(Erlang)
Oct 23, 2024
camaleon_cms affected by cross site scripting
Moderate
CVE-2024-48652
was published
for
camaleon_cms
(RubyGems)
Oct 23, 2024
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate
CVE-2024-48929
was published
for
Umbraco.CMS
(NuGet)
Oct 22, 2024
ProTip!
Advisories are also available from the
GraphQL API