Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,767 advisories

Loading
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin catferq
Credited to danharrin and catferq
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail... Low Unreviewed
CVE-2024-42000 was published Nov 9, 2024
Sensitive information disclosure during file browsing due to improper soft link handling. The... Low Unreviewed
CVE-2024-34015 was published Nov 11, 2024
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an... Low Unreviewed
CVE-2024-10917 was published Nov 11, 2024
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
thanhlam-attt
Credited to thanhlam-attt
Cash Operations does not perform necessary authorization check for an authenticated user,... Low Unreviewed
CVE-2024-47587 was published Nov 12, 2024
Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh... Low Unreviewed
CVE-2024-47799 was published Nov 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a... Low Unreviewed
CVE-2024-48838 was published Nov 12, 2024
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jquery-validation (npm) Jun 3, 2022
klaudialax amita-seal
Credited to klaudialax and amita-seal
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any... Low Unreviewed
CVE-2024-6126 was published Jul 3, 2024
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled... Low Unreviewed
CVE-2024-6501 was published Jul 9, 2024
A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic.... Low Unreviewed
CVE-2024-11126 was published Nov 12, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Credited to maantje, nicolas-grekas, and G-Rath
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin eyurtsev
efriis
Credited to BarrensZeppelin, eyurtsev, and efriis
`fast-float` has multiple soundness issues Low
GHSA-x8jh-xj3x-gx3c was published for fast-float (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
Moodle admin presets export tool includes some secrets that should not be exported Low
CVE-2024-43427 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient access control Low
CVE-2024-43430 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient capability checks Low
CVE-2024-43435 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile... Low Unreviewed
CVE-2024-31684 was published Jun 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database