GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
908 advisories
Filter by severity
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574
was published
for
scrapy
(pip)
Feb 15, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate
CVE-2024-25120
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Moderate
CVE-2024-25119
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Moderate
CVE-2024-25118
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Low
CVE-2023-50298
was published
for
org.apache.solr:solr-solrj
(Maven)
Feb 9, 2024
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
DIRAC's TokenManager does not check permissions on cached tokens
Critical
CVE-2024-24825
was published
for
DIRAC
(pip)
Feb 8, 2024
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
containerd environment variable leak
Moderate
CVE-2021-21334
was published
for
github.com/containerd/containerd
(Go)
Jan 31, 2024
Enumeration of users in HashiCorp Vault
Moderate
CVE-2020-35177
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana/pkg/tsdb/mysql
(Go)
Jan 31, 2024
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-44312
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649
was published
for
lemmy_server
(Rust)
Jan 24, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23901
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
ProTip!
Advisories are also available from the
GraphQL API