GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,960 advisories
Filter by severity
TunnelVision - decloaking VPNs using DHCP
Moderate
GHSA-hqmp-g7ph-x543
was published
for
quincy
(Rust)
Dec 27, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
TCPDF has incorrect comparison
Moderate
CVE-2024-56522
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF missing character escape on error messages
Moderate
CVE-2024-56527
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF missing certificate validation
High
CVE-2024-56521
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF lacks SVG sanitization
Moderate
CVE-2024-56519
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts
Moderate
CVE-2024-56520
was published
for
tecnickcom/tc-lib-pdf-font
(Composer)
Dec 27, 2024
python-sql SQL injection vulnerability
Moderate
CVE-2024-9774
was published
for
python-sql
(pip)
Dec 27, 2024
Amazon Redshift Python Connector vulnerable to SQL Injection
High
CVE-2024-12745
was published
for
redshift_connector
(pip)
Dec 26, 2024
Amazon Redshift JDBC Driver vulnerable to SQL Injection
High
CVE-2024-12744
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Dec 26, 2024
lgsl Stored Cross-Site Scripting vulnerability
High
CVE-2024-56361
was published
for
tltneon/lgsl
(Composer)
Dec 26, 2024
Marp Core allows XSS by improper neutralization of HTML sanitization
Moderate
CVE-2024-56510
was published
for
@marp-team/marp-core
(npm)
Dec 26, 2024
Apache MINA Deserialization RCE Vulnerability
Critical
CVE-2024-52046
was published
for
org.apache.mina:mina-core
(Maven)
Dec 25, 2024
Apache HugeGraph-Server: Fixed JWT Token (Secret)
Moderate
CVE-2024-43441
was published
for
org.apache.hugegraph:hugegraph-server
(Maven)
Dec 24, 2024
Gogs has an argument Injection in the built-in SSH server
Critical
CVE-2024-39930
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument Injection when tagging new releases
High
CVE-2024-39933
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Moderate
GHSA-wrw7-89jp-8q8g
was published
for
glib
(Rust)
Dec 23, 2024
Navidrome Stores JWT Secret in Plaintext in navidrome.db
High
CVE-2024-56362
was published
for
github.com/navidrome/navidrome
(Go)
Dec 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Unsound usages of `u8` type casting in spl-token-swap
Moderate
GHSA-h6xm-c6r4-vmwf
was published
for
spl-token-swap
(Rust)
Dec 23, 2024
libafl has unsound usages of `core::slice::from_raw_parts_mut`
Moderate
GHSA-f7qj-v3vp-4856
was published
for
libafl
(Rust)
Dec 23, 2024
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Moderate
GHSA-3qx8-rv27-j6gp
was published
for
kvm-ioctls
(Rust)
Dec 23, 2024
ProTip!
Advisories are also available from the
GraphQL API