Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,151 advisories

Loading
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses Critical
GHSA-7h65-4p22-39j6 was published for github.com/crossplane/crossplane (Go) Oct 25, 2024
aditya-mayo
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
GHSA-x7xj-jvwp-97rv was published for github.com/rancher/rke2 (Go) Oct 25, 2024
Rancher Remote Code Execution via Cluster/Node Drivers Critical
CVE-2024-22036 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
CVE-2023-32197 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
Duplicate Advisory: Permissive Regular Expression in tacquito Critical
GHSA-j42f-wc6v-5xpq was published for github.com/tacquito/tacquito (Go) Oct 17, 2024 withdrawn
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
pac4j-core affected by a Java deserialization vulnerability Critical
CVE-2023-25581 was published for org.pac4j:pac4j-core (Maven) Oct 11, 2024
angular-base64-upload vulnerable to unauthenticated remote code execution Critical
CVE-2024-42640 was published for angular-base64-upload (npm) Oct 11, 2024
rvizx
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation Critical
CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB noe233
Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability Critical
GHSA-536j-xxhg-6pgg was published for github.com/NVIDIA/nvidia-container-toolkit (Go) Sep 26, 2024 withdrawn
Gradio allows users to access arbitrary files Critical
GHSA-m842-4qm8-7gpq was published for gradio (pip) Sep 25, 2024
PinkDraconian
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database