GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,444
Erlang: 29
GitHub Actions: 16
Go: 1,668
Maven: 4,928
npm: 3,458
NuGet: 595
pip: 2,876
Pub: 10
RubyGems: 823
Rust: 766
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,431 advisories
vodozemac has degraded secret zeroization capabilities
Low | CVE-2024-34063 was published for vodozemac (Rust) | May 3, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate | CVE-2024-34449 was published for vditor (npm) | May 3, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low | CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) | May 3, 2024
piraeus-operator allows attacker to impersonate service account
Moderate | CVE-2024-33398 was published for github.com/piraeusdatastore/piraeus-operator/v2 (Go) | May 3, 2024
changedetection.io Cross-site Scripting vulnerability
Moderate | CVE-2024-34061 was published for changedetection.io (pip) | May 3, 2024
Some CORS middleware allow untrusted origins
Critical | GHSA-v84h-653v-4pq9 was published for github.com/jub0bs/fcors (Go) | May 3, 2024
Some CORS middleware allow untrusted origins
Critical | GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) | May 3, 2024
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High | CVE-2024-30251 was published for aiohttp (pip) | May 3, 2024
Apache Hive Code Injection vulnerability
Moderate | CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) | May 3, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
High | CVE-2024-34393 was published for libxmljs2 (npm) | May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High | CVE-2024-34391 was published for libxmljs (npm) | May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High | CVE-2024-34394 was published for libxmljs2 (npm) | May 2, 2024
karmada vulnerable to arbitrary code execution via a crafted command
Moderate | CVE-2024-33396 was published for github.com/karmada-io/karmada (Go) | May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High | CVE-2024-34392 was published for libxmljs (npm) | May 2, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate | CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) | May 2, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability
High | CVE-2024-4215 was published for pgadmin4 (pip) | May 2, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
High | CVE-2024-4216 was published for pgAdmin4 (pip) | May 2, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
High | CVE-2024-34144 was published for org.jenkins-ci.plugins:script-security (Maven) | May 2, 2024
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721
Moderate | CVE-2024-34148 was published for org.jenkins-ci.plugins:partial-release-manager (Maven) | May 2, 2024
Firebase vulnerable to CRSF attack
Low | CVE-2024-4128 was published for firebase-tools (npm) | May 2, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low | CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) | May 2, 2024
Wildfly vulnerable to denial of service
Moderate | CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) | May 2, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability
Moderate | CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) | May 2, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context
High | CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) | May 2, 2024
ProTip! Advisories are also available from the GraphQL API.