GitHub Advisory Database
A security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:

| Ecosystem | Reviewed advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 3,683 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,708 |
| Maven | 4,944 |
| npm | 3,473 |
| NuGet | 603 |
| pip | 2,995 |
| Pub | 10 |
| RubyGems | 826 |
| Rust | 773 |
| Swift | 34 |

Unreviewed advisories (all ecosystems): 5,000+
1,044 advisories match the current severity filter; the first page of results (24 entries, all rated Low) follows.
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| Keycloak DoS via account lockout | Low | CVE-2024-1722 | org.keycloak:keycloak-core (Maven) | Feb 29, 2024 |
| Concrete CMS Stored XSS | Low | CVE-2023-49337 | concrete5/concrete5 (Composer) | Feb 29, 2024 |
| Rack has possible DoS Vulnerability with Range Header | Low | CVE-2024-26141 | rack (RubyGems) | Feb 28, 2024 |
| Rack Header Parsing leads to Possible Denial of Service Vulnerability | Low | CVE-2024-26146 | rack (RubyGems) | Feb 28, 2024 |
| ASA-2024-004: Default configuration param for Evidence may limit window of validity | Low | GHSA-555p-m4v6-cqxv | github.com/cometbft/cometbft (Go) | Feb 28, 2024 |
| ASA-2024-005: Potential slashing evasion during re-delegation | Low | GHSA-86h5-xcpx-cfqc | github.com/cosmos/cosmos-sdk (Go) | Feb 27, 2024 |
| Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch | Low | CVE-2024-26142 | actionpack (RubyGems) | Feb 27, 2024 |
| Vyper's `extract32` can read dirty memory | Low | CVE-2024-24564 | vyper (pip) | Feb 26, 2024 |
| Vyper's `_abi_decode` vulnerable to Memory Overflow | Low | CVE-2024-26149 | vyper (pip) | Feb 26, 2024 |
| PyPop C extensions possible vulnerability: missing arguments and redundant null pointers | Low | GHSA-p4m5-32pr-2hqr | pypop-genomics (pip) | Feb 26, 2024 |
| es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` | Low | CVE-2024-27088 | es5-ext (npm) | Feb 26, 2024 |
| Apache Camel data exposure vulnerability | Low | CVE-2024-22371 | org.apache.camel:camel-core (Maven) | Feb 26, 2024 |
| langchain Server-Side Request Forgery vulnerability | Low | CVE-2024-0243 | langchain (pip) | Feb 26, 2024 |
| Authorization Bypass in moodle | Low | CVE-2024-25983 | moodle/moodle (Composer) | Feb 19, 2024 |
| Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project | Low | CVE-2024-20925 | org.openjfx:javafx-media (Maven) | Feb 17, 2024 |
| tuf's Metadata API: Targets.get_delegated_role() is missing input validation | Low | GHSA-77hh-43cm-v8j6 | tuf (pip) | Feb 16, 2024 |
| Undici proxy-authorization header not cleared on cross-origin redirect in fetch | Low | CVE-2024-24758 | undici (npm) | Feb 16, 2024 |
| lambda-middleware Inefficient Regular Expression Complexity vulnerability | Low | CVE-2021-4437 | @lambda-middleware/json-deserializer (npm) | Feb 12, 2024 |
| Concrete CMS vulnerable to stored XSS via the Role Name field | Low | CVE-2024-1247 | concrete5/concrete5 (Composer) | Feb 9, 2024 |
| Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature | Low | CVE-2024-1246 | concrete5/concrete5 (Composer) | Feb 9, 2024 |
| Concrete CMS vulnerable to stored XSS in file tags and description attributes | Low | CVE-2024-1245 | concrete5/concrete5 (Composer) | Feb 9, 2024 |
| Apache Solr Schema Designer blindly "trusts" all configsets | Low | CVE-2023-50292 | org.apache.solr:solr-core (Maven) | Feb 9, 2024 |
| Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds | Low | CVE-2023-50298 | org.apache.solr:solr-solrj (Maven) | Feb 9, 2024 |
| commonground-api-common unexploitable privilege escalation in JWT authentication middleware | Low | GHSA-c4cm-r9fh-jgj9 | commonground-api-common (pip) | Feb 9, 2024 |
Advisories are also available from the GraphQL API.