Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,710
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,938
Pub
13
RubyGems
1,053
Rust
1,333
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,047 advisories

Loading
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
fawind Credited to fawind
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Directus Allows Single Sign-On User Enumeration High
CVE-2024-39896 was published for directus (npm) Jul 8, 2024
Directus GraphQL Field Duplication Denial of Service (DoS) High
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof Credited to asantof
zerovec-derive incorrectly uses `#[repr(packed)]` Moderate
GHSA-74r5-g7vc-j2v2 was published for zerovec-derive (Rust) Jul 8, 2024
hikiko4ern Credited to hikiko4ern
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn Credited to adelinn
zerovec incorrectly uses `#[repr(packed)]` Moderate
GHSA-xrv3-jmcp-374j was published for zerovec (Rust) Jul 8, 2024
Directus Blind SSRF On File Import Moderate
CVE-2024-39699 was published for @directus/api (npm) Jul 8, 2024
dmitrii-zalmanov Credited to dmitrii-zalmanov
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors Credited to davidxbors
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse Credited to LeSuisse and bashonly bashonly bashonly
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities High
CVE-2024-39677 was published for NHibernate (NuGet) Jul 8, 2024
hazzik Credited to hazzik and fredericDelaporte fredericDelaporte fredericDelaporte
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya Credited to mshibuya
Apache NiFi vulnerable to Cross-site Scripting Moderate
CVE-2024-37389 was published for org.apache.nifi:nifi-web-ui (Maven) Jul 8, 2024
abaykan Credited to abaykan
EGroupware mishandles an ORDER BY clause High
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose Credited to blitzdose
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability High
CVE-2024-33862 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Jul 6, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser Credited to RobertKeyser
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl Credited to MWedl
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131 Credited to ssshah2131
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx Moderate
GHSA-fqpg-rq76-99pq was published for github.com/jackc/pgx/v5 (Go) Jul 5, 2024
silversub Credited to silversub
Server Side Request Forgery (SSRF) attack in Fedify Moderate
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm Credited to ThisIsMissEm
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska Credited to Kwpolska and pcreager23 pcreager23 pcreager23
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval Credited to progval
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer Credited to cybertransformer, livio-a, fforootd, Avolicious, AmirhoseinBrz, and srividyaj livio-a livio-a
fforootd fforootd Avolicious Avolicious AmirhoseinBrz AmirhoseinBrz srividyaj srividyaj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database