Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

7,436 advisories

Loading
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) High
CVE-2024-54131 was published for github.com/kolide/launcher (Go) Dec 3, 2024
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders High
CVE-2024-53863 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows a a malformed invite to break the invitee's `/sync` High
CVE-2024-52815 was published for matrix-synapse (pip) Dec 3, 2024
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Apache Ozone: Improper authentication when generating S3 secrets High
CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Mongoose search injection vulnerability High
CVE-2024-53900 was published for mongoose (npm) Dec 2, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages High
GHSA-j5g2-q29x-cw3h was published for simplesamlphp/simplesamlphp (Composer) Dec 2, 2024
ahacker1-securesaml
SimpleSAMLphp xml-common XXE vulnerability High
CVE-2024-52596 was published for simplesamlphp/saml2 (Composer) Dec 2, 2024
ahacker1-securesaml
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs High
CVE-2024-35371 was published for io.antmedia:ant-media-server (Maven) Nov 29, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
Moby Race Condition vulnerability High
CVE-2024-36621 was published for github.com/moby/moby (Go) Nov 29, 2024
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails High
CVE-2024-53860 was published for spencer14420/sp-php-email-handler (Composer) Nov 27, 2024
Querydsl vulnerable to HQL injection trough orderBy High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 27, 2024
CSIRTTrizna
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability High
CVE-2024-54003 was published for io.jenkins.plugins:simple-queue (Maven) Nov 27, 2024
@lobehub/chat Server Side Request Forgery vulnerability High
CVE-2024-32965 was published for @lobehub/chat (npm) Nov 26, 2024
yyzsec
aiocpa contains credential harvesting code High
GHSA-486g-47cc-8wxf was published for aiocpa (pip) Nov 25, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination High
CVE-2024-10039 was published for org.keycloak:keycloak-core (Maven) Nov 25, 2024
ahus1
Keycloak Build Process Exposes Sensitive Data High
CVE-2024-10451 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
shawkins
MLflow's excessive directory permissions allow local privilege escalation High
CVE-2024-27134 was published for mlflow (pip) Nov 25, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity High
CVE-2024-10270 was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024
Artifact poisoning vulnerability in action-download-artifact v5 and earlier High
GHSA-5xr6-xhww-33m4 was published for dawidd6/action-download-artifact (GitHub Actions) Nov 25, 2024
woodruffw
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws High
GHSA-7f6p-phw2-8253 was published for github.com/taurusgroup/multi-party-sig (Go) Nov 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database