GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,940 advisories
Filter by severity
Keycloak Services has a potential bypass of brute force protection
Moderate
CVE-2024-4629
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 17, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate
CVE-2024-46976
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Heap-based Buffer Overflow in MicroPython
Moderate
CVE-2024-8946
was published
for
micropython-copy
(pip)
Sep 17, 2024
heap-buffer-overflow in MicroPython
Moderate
CVE-2024-8948
was published
for
micropython-copy
(pip)
Sep 17, 2024
Use After Free in MicroPython
Moderate
CVE-2024-8947
was published
for
micropython-copy
(pip)
Sep 17, 2024
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Moderate
CVE-2024-8660
was published
for
concrete5/concrete5
(Composer)
Sep 17, 2024
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Moderate
CVE-2024-45816
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
Moderate
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
Kimai has an XXE Leading to Local File Read
Moderate
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
vLLM Denial of Service via the best_of parameter
Moderate
CVE-2024-8939
was published
for
vllm
(pip)
Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Moderate
CVE-2024-45803
was published
for
wireui/wireui
(Composer)
Sep 17, 2024
Sentry improperly authorizes deletion of user issue alert notifications
Moderate
CVE-2024-45605
was published
for
sentry
(pip)
Sep 17, 2024
powermail TYPO3 extension has Insecure Direct Object Reference
Moderate
CVE-2024-47047
was published
for
in2code/powermail
(Composer)
Sep 17, 2024
czim/file-handling vulnerable to SSRF and directory traversal
Moderate
CVE-2024-47049
was published
for
czim/file-handling
(Composer)
Sep 17, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Contao affected by directory traversal in the file selector widget
Moderate
CVE-2024-45604
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
LangChain pickle deserialization of untrusted data
Moderate
CVE-2024-5998
was published
for
langchain-community
(pip)
Sep 17, 2024
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Moderate
CVE-2024-8661
was published
for
concrete5/concrete5
(Composer)
Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
CVE-2024-39910
was published
for
decidim
(RubyGems)
Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate
CVE-2024-32034
was published
for
decidim-admin
(RubyGems)
Sep 16, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability
Moderate
CVE-2024-39613
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
ProTip!
Advisories are also available from the
GraphQL API