GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15,766 advisories

Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability Moderate
GHSA-59j7-ghrg-fj52 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability Moderate
CVE-2024-21668 was published for react-native-mmkv (npm) Jan 9, 2024
Microsoft Identity Denial of service vulnerability Moderate
CVE-2024-21319 was published for Microsoft.IdentityModel.JsonWebTokens (NuGet) Jan 9, 2024
morganbr jennyf19 jmprieur
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability High
CVE-2024-21643 was published for Microsoft.IdentityModel.Protocols.SignedHttpRequest (NuGet) Jan 9, 2024
rymeskar jmprieur jennyf19 TimHannMSFT
Parsing JSON serialized payload without protected field can lead to segfault Moderate
CVE-2024-21664 was published for github.com/lestrrat-go/jwx/v2/jws (Go) Jan 9, 2024
frestr
fonttools XML External Entity Injection (XXE) Vulnerability High
CVE-2023-45139 was published for fonttools (pip) Jan 9, 2024
acornall
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
juzawebCMS Incorrect Access Control vulnerability Moderate
CVE-2023-46906 was published for juzaweb/cms (Composer) Jan 9, 2024
CIRCL's Kyber: timing side-channel (kyberslash2) High
GHSA-9763-4f94-gfch was published for github.com/cloudflare/circl (Go) Jan 8, 2024
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
XWiki Remote Code Execution Vulnerability via User Registration Critical
CVE-2024-21650 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Jan 8, 2024
XWiki has no right protection on rollback action High
CVE-2024-21648 was published for org.xwiki.platform:xwiki-platform (Maven) Jan 8, 2024
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
pyload Unauthenticated Flask Configuration Leakage vulnerability High
CVE-2024-21644 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
pyload Log Injection vulnerability Moderate
CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
@fastify/reply-from JSON Content-Type parsing confusion Moderate
CVE-2023-51701 was published for @fastify/reply-from (npm) Jan 8, 2024
qwerty472123
Apache Axis Improper Input Validation vulnerability Moderate
CVE-2023-51441 was published for org.apache.axis:axis (Maven) Jan 6, 2024
D-Tale server-side request forgery through Web uploads High
CVE-2024-21642 was published for dtale (pip) Jan 5, 2024
sylwia-budzynska
Flarum's logout Route allows open redirects Low
CVE-2024-21641 was published for flarum/core (Composer) Jan 5, 2024
imorland DavideIadeluca
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster Moderate
CVE-2023-30617 was published for github.com/openkruise/kruise (Go) Jan 5, 2024
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption Moderate
CVE-2023-52323 was published for pycryptodome (pip) Jan 5, 2024
Firefly III allows webhooks HTML Injection. Moderate
CVE-2024-22075 was published for grumpydictator/firefly-iii (Composer) Jan 5, 2024
view_component Cross-site Scripting vulnerability Moderate
CVE-2024-21636 was published for view_component (RubyGems) Jan 4, 2024
BlakeWilliams camertron