GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,490 advisories
Filter by severity
Laravel environment manipulation via query string
High
CVE-2024-52301
was published
for
laravel/framework
(Composer)
Nov 12, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329
was published
for
joelbutcher/socialstream
(Composer)
Dec 20, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 20, 2024
Oqtane Framework Incorrect Access Control vulnerability
High
CVE-2024-55470
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
Browsershot Improper Input Validation vulnerability
High
CVE-2024-21549
was published
for
spatie/browsershot
(Composer)
Dec 20, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability
High
GHSA-vvf8-2h68-9475
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
•
withdrawn
Keycloak has session fixation in Elytron SAML adapters
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Session Fixation vulnerability
High
GHSA-j76j-rqwj-jmvv
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
•
withdrawn
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
MinIO vulnerable to privilege escalation in IAM import API
High
CVE-2024-55949
was published
for
github.com/minio/minio
(Go)
Dec 16, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
Spring Framework Path Traversal vulnerability
High
CVE-2024-38819
was published
for
org.springframework:spring-webflux
(Maven)
Dec 19, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled
High
CVE-2024-56159
was published
for
astro
(npm)
Dec 19, 2024
Remote code execution in php-heic-to-jpg
High
CVE-2024-48514
was published
for
maestroerror/php-heic-to-jpg
(Composer)
Oct 24, 2024
undertow: information leakage via HTTP/2 request header reuse
High
CVE-2024-4109
was published
for
io.undertow:undertow-core
(Maven)
Dec 12, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww
was published
for
github.com/clidey/whodb/core
(Go)
Dec 19, 2024
Next.js authorization bypass vulnerability
High
CVE-2024-51479
was published
for
next
(npm)
Dec 17, 2024
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
Non-linear parsing of case-insensitive content in golang.org/x/net/html
High
CVE-2024-45338
was published
for
golang.org/x/net
(Go)
Dec 18, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
Databricks JDBC Driver Command Injection vulnerability
High
CVE-2024-49194
was published
for
com.databricks:databricks-jdbc
(Maven)
Dec 17, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-50379
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 17, 2024
ProTip!
Advisories are also available from the
GraphQL API