GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,615 advisories

Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server High
CVE-2024-26164 was published for mssql-django (pip) Mar 12, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
Credited to FelixMartel, marcoroth, and matt-phylum
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex High
CVE-2024-28199 was published for phlex (RubyGems) Mar 12, 2024
Credited to p8, joeldrapper, and willcosgrove
Account Takeover via Session Fixation in Zitadel [Bypassing MFA] High
CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) Mar 11, 2024
Credited to amit-laish
1Panel is vulnerable to command injection Moderate
CVE-2024-2352 was published for github.com/1Panel-dev/1Panel (Go) Mar 10, 2024
raspap-webgui vulnerable to denial of service High
CVE-2024-28754 was published for billz/raspap-webgui (Composer) Mar 9, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
Credited to nullie
LibOSDP RMAC revert to the beginning of the session Moderate
CVE-2024-52288 was published for libosdp (pip) Mar 8, 2024
Credited to e-ot
LibOSDP vulnerable to a null pointer deref in osdp_reply_name Moderate
CVE-2024-52296 was published for libosdp (pip) Mar 8, 2024
Credited to e-ot
Django MarkdownX Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-2319 was published for django-markdownx (pip) Mar 8, 2024
JWX vulnerable to a denial of service attack using compressed JWE message Moderate
CVE-2024-28122 was published for github.com/lestrrat-go/jwx (Go) Mar 8, 2024
Credited to zer0yu
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
Credited to zer0yu, chenjj, hectorj2f, and vrv7567
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
Credited to TheZ3ro
kubevirt-csi: PersistentVolume allows access to HCP's root node High
CVE-2024-1725 was published for github.com/kubevirt/csi-driver (Go) Mar 7, 2024
Grafana's users with permissions to create a data source can CRUD all data sources High
CVE-2024-1442 was published for github.com/grafana/grafana (Go) Mar 7, 2024
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext Moderate
CVE-2024-28176 was published for jose (npm) Mar 7, 2024
Credited to P3ngu1nW and panva
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters High
CVE-2024-28123 was published for wasmi (Rust) Mar 7, 2024
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download High
CVE-2024-0815 was published for paddlepaddle (pip) Mar 7, 2024
PaddlePaddle command injection vulnerability High
CVE-2024-0817 was published for paddlepaddle (pip) Mar 7, 2024
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials High
CVE-2024-28110 was published for github.com/cloudevents/sdk-go/v2 (Go) Mar 6, 2024
Credited to mattmoor, tcnghia, and sunnypatell
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
Credited to P3ngu1nW