GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,108 advisories
Filter by severity
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55341
was published
for
Piranha
(NuGet)
Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-55342
was published
for
Piranha
(NuGet)
Dec 20, 2024
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Moderate
CVE-2024-56331
was published
for
uptime-kuma
(npm)
Dec 20, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability
Moderate
CVE-2024-55471
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
Moderate
GHSA-57rh-gr4v-j5f6
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
•
withdrawn
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user
Moderate
GHSA-j9xq-j329-2xvg
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
•
withdrawn
Duplicate Advisory: Keycloak SAML signature validation flaw
Moderate
GHSA-4xx7-2cx3-x473
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
•
withdrawn
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate
CVE-2024-37891
was published
for
urllib3
(pip)
Jun 17, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-36694
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
GHSA-j2v2-3784-vr44
was published
for
opencart/opencart
(Composer)
Dec 18, 2024
•
withdrawn
Atro CSRF Middleware Bypass (security.checkOrigin)
Moderate
CVE-2024-56140
was published
for
astro
(npm)
Dec 18, 2024
PGHoard Path Traversal vulnerability
Moderate
CVE-2024-56142
was published
for
pghoard
(pip)
Dec 17, 2024
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 17, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API