GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,981 advisories

PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack Moderate
CVE-2020-5234 was published for MessagePack (NuGet) Jan 31, 2020
rdiffweb vulnerable to Use of Cache Containing Sensitive Information Moderate
CVE-2022-3292 was published for rdiffweb (pip) Sep 29, 2022
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6444 was published for pywbem (pip) May 17, 2022
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting Moderate
CVE-2023-52430 was published for github.com/greenpau/caddy-security (Go) Feb 13, 2024
Infinite loop in github.com/gomarkdown/markdown Moderate
CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go) Oct 15, 2024
Link Following in github.com/containers/common Moderate
CVE-2024-9341 was published for github.com/containers/common (Go) Oct 1, 2024
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
Hono allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
Plone Open Redirect Vulnerability Moderate
CVE-2016-7137 was published for plone (pip) May 14, 2022
Plone Filesystem path information leak Moderate
CVE-2013-7060 was published for Products.CMFPlone (pip) May 17, 2022
Cross site scripting in markdown-to-jsx Moderate
CVE-2024-21535 was published for markdown-to-jsx (npm) Oct 15, 2024
Plone Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7139 was published for Plone (pip) May 14, 2022
Plone Privilege escalation through exposed underlying API Moderate
CVE-2013-7061 was published for Plone (pip) May 17, 2022
Cross-site scripting (XSS) in the clipboard package Moderate
CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024
Plone is vulnerable to Information Exposure when generating zip archives Moderate
CVE-2013-4191 was published for plone (pip) May 17, 2022
Plone XSS Moderate
CVE-2016-7136 was published for plone (pip) May 14, 2022
Plone Authenticated Denial of Service vulnerability Moderate
CVE-2013-4188 was published for plone (pip) May 17, 2022
Plone XSS in User Fullname Property and File Upload Moderate
CVE-2021-3313 was published for plone (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API