Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

7,490 advisories

Loading
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback High
CVE-2024-56329 was published for joelbutcher/socialstream (Composer) Dec 20, 2024
carlosmintfan
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-56337 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 20, 2024
Oqtane Framework Incorrect Access Control vulnerability High
CVE-2024-55470 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Duplicate Advisory: Keycloak Open Redirect vulnerability High
GHSA-vvf8-2h68-9475 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024 withdrawn
Keycloak has session fixation in Elytron SAML adapters High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak Session Fixation vulnerability High
GHSA-j76j-rqwj-jmvv was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024 withdrawn
stianst
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
MinIO vulnerable to privilege escalation in IAM import API High
CVE-2024-55949 was published for github.com/minio/minio (Go) Dec 16, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn High
CVE-2024-1135 was published for gunicorn (pip) Apr 16, 2024
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
G-Rath
Non-linear parsing of case-insensitive content in golang.org/x/net/html High
CVE-2024-45338 was published for golang.org/x/net (Go) Dec 18, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity High
CVE-2024-10270 was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024
AdamKorcz
Databricks JDBC Driver Command Injection vulnerability High
CVE-2024-49194 was published for com.databricks:databricks-jdbc (Maven) Dec 17, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-50379 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
TShock Security Escalation Exploit High
GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
sgkoishi THEXN
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database