GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,132
Erlang: 29
GitHub Actions: 19
Go: 1,937
Maven: 5,000+
npm: 3,676
NuGet: 642
pip: 3,292
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories:
All unreviewed: 5,000+

Listing: 8,981 advisories
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled (Moderate). CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer), Oct 7, 2024.
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack (Moderate). CVE-2020-5234 was published for MessagePack (NuGet), Jan 31, 2020.
rdiffweb vulnerable to Use of Cache Containing Sensitive Information (Moderate). CVE-2022-3292 was published for rdiffweb (pip), Sep 29, 2022.
Radicale regex metacharacters injection in the user name (Moderate). CVE-2015-8748 was published for Radicale (pip), May 17, 2022.
PyWBEM TOCTOU vulnerability in certificate validation (Moderate). CVE-2013-6444 was published for pywbem (pip), May 17, 2022.
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch (Moderate). CVE-2024-41128 was published for actionpack (RubyGems), Oct 15, 2024.
Taipy has a Session Cookie without Secure and HTTPOnly flags (Moderate). CVE-2024-47833 was published for taipy (pip), Aug 27, 2024.
svix vulnerable to Authentication Bypass (Moderate). CVE-2024-21491 was published for svix (Rust), Feb 13, 2024.
Jberet: jberet-core logging database credentials (Moderate). CVE-2024-1102 was published for org.jberet:jberet-core (Maven), Apr 25, 2024.
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting (Moderate). CVE-2023-52430 was published for github.com/greenpau/caddy-security (Go), Feb 13, 2024.
Infinite loop in github.com/gomarkdown/markdown (Moderate). CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go), Oct 15, 2024.
Link Following in github.com/containers/common (Moderate). CVE-2024-9341 was published for github.com/containers/common (Go), Oct 1, 2024.
Evmos allows unvested token delegations (Moderate). CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go), Jun 6, 2024.
Denial of service in langchain-community (Moderate). CVE-2024-2965 was published for langchain-community (pip), Jun 6, 2024.
Hono allows bypass of CSRF Middleware by a request without Content-Type header (Moderate). CVE-2024-48913 was published for hono (npm), Oct 15, 2024.
Plone Filesystem path information leak (Moderate). CVE-2013-7060 was published for Products.CMFPlone (pip), May 17, 2022.
Cross site scripting in markdown-to-jsx (Moderate). CVE-2024-21535 was published for markdown-to-jsx (npm), Oct 15, 2024.
Plone Cross-site Scripting (XSS) vulnerability (Moderate). CVE-2016-7139 was published for Plone (pip), May 14, 2022.
Plone Privilege escalation through exposed underlying API (Moderate). CVE-2013-7061 was published for Plone (pip), May 17, 2022.
Cross-site scripting (XSS) in the clipboard package (Moderate). CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm), Sep 25, 2024.
Plone is vulnerable to Information Exposure when generating zip archives (Moderate). CVE-2013-4191 was published for plone (pip), May 17, 2022.
Plone Authenticated Denial of Service vulnerability (Moderate). CVE-2013-4188 was published for plone (pip), May 17, 2022.
Plone XSS in User Fullname Property and File Upload (Moderate). CVE-2021-3313 was published for plone (pip), May 24, 2022.
Advisories are also available from the GraphQL API.