GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,431 advisories
Filter by severity
Mattermost fails to limit the number of active sessions
Moderate
CVE-2024-4183
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Withdrawn: Runc allows an arbitrary systemd property to be injected
High
GHSA-c5pj-mqfh-rvc3
was published
for
github.com/opencontainers/runc
(Go)
Apr 26, 2024
•
withdrawn
Passbolt API allows HTML injection
Moderate
CVE-2024-33670
was published
for
passbolt/passbolt_api
(Composer)
Apr 26, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys
High
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers
Moderate
CVE-2024-32481
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the slice args when buffer from adhoc locations
Moderate
CVE-2024-32646
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of raw_args in create_from_blueprint
Moderate
CVE-2024-32647
was published
for
vyper
(pip)
Apr 25, 2024
vyper default functions don't respect nonreentrancy keys
Moderate
CVE-2024-32648
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the argument of sqrt
Moderate
CVE-2024-32649
was published
for
vyper
(pip)
Apr 25, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
CoreDNS may return invalid cache entries
Moderate
CVE-2024-0874
was published
for
github.com/coredns/coredns
(Go)
Apr 25, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header
High
CVE-2021-31999
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API