Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,960 advisories

Loading
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
CVE-2024-12401 was published for github.com/cert-manager/cert-manager (Go) Dec 12, 2024 withdrawn
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
PQClean has a correctness error in HQC decapsulation High
GHSA-753p-wrj5-g8fj was published for pqcrypto-hqc (Rust) Dec 11, 2024
dgoudarzi SWilson4
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file write in the host via /api/asset/upload High
CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an SSTI via /api/template/renderSprig Moderate
CVE-2024-55660 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Avenwu Whistle Cross-Site Request Forgery (CSRF) High
CVE-2024-55500 was published for whistle (npm) Dec 10, 2024
CosmWasm VM Incorrect metering Moderate
GHSA-2q97-m5rc-p3gp was published for cosmwasm-vm (Go) Dec 10, 2024
Panic in wasmvm can slow down block production Moderate
GHSA-vmqh-5232-v43r was published for cosmwasm-vm (Go) Dec 10, 2024
Simulation of Wasmd message can cause crashing Low
GHSA-vmg2-r3xv-r3xf was published for github.com/CosmWasm/wasmd (Go) Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
Withdrawn Advisory: Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024 withdrawn
calvera CSIRTTrizna
luigi Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2024-21542 was published for luigi (pip) Dec 10, 2024
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database