GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,972 advisories
Filter by severity
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Moderate
CVE-2024-56733
was published
for
pwpush
(RubyGems)
Dec 30, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
CVE-2024-24772
was published
for
apache-superset
(pip)
Feb 28, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
Cross-site Scripting in djangorestframework
Low
CVE-2024-21520
was published
for
djangorestframework
(pip)
Jun 26, 2024
TeamPass privileges issue
Critical
CVE-2024-50703
was published
for
nilsteampassnet/teampass
(Composer)
Dec 30, 2024
TeamPass mail_me operation authorization issue
Moderate
CVE-2024-50702
was published
for
nilsteampassnet/teampass
(Composer)
Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list
Moderate
CVE-2024-50701
was published
for
nilsteampassnet/teampass
(Composer)
Dec 30, 2024
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
High
CVE-2024-56734
was published
for
better-auth
(npm)
Dec 30, 2024
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Moderate
CVE-2024-56517
was published
for
tltneon/lgsl
(Composer)
Dec 30, 2024
TCPDF has incorrect comparison
High
CVE-2024-56522
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
khoj has an IDOR in subscription management allows unauthorized subscription modifications
Moderate
CVE-2024-52294
was published
for
khoj
(pip)
Dec 30, 2024
magic-crypt uses insecure cryptographic algorithms
Low
GHSA-gmx7-gr5q-85w5
was published
for
magic-crypt
(Rust)
Dec 30, 2024
xous has unsound usages of `core::slice::from_raw_parts`
Low
GHSA-gv7f-5qqh-vxfx
was published
for
xous
(Rust)
Dec 30, 2024
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low
CVE-2024-56512
was published
for
org.apache.nifi:nifi-client-dto
(Maven)
Dec 28, 2024
Dcat-Admin Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-54775
was published
for
dcat/laravel-admin
(Composer)
Dec 28, 2024
Dcat Admin Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2024-54774
was published
for
dcat/laravel-admin
(Composer)
Dec 28, 2024
Werkzeug possible resource exhaustion when parsing file data in forms
Moderate
CVE-2024-49767
was published
for
Quart
(pip)
Oct 25, 2024
TCPDF missing character escape on error messages
Moderate
CVE-2024-56527
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
TCPDF missing certificate validation
High
CVE-2024-56521
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
tecnickcom/tc-lib-pdf-font mishandles fonts
Moderate
CVE-2024-56520
was published
for
tecnickcom/tc-lib-pdf-font
(Composer)
Dec 27, 2024
TCPDF lacks SVG sanitization
Moderate
CVE-2024-56519
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API