GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
9,116 advisories
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Moderate
CVE-2024-10492 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept`
Moderate
GHSA-qg5g-gv98-5ffh was published for rustls (Rust) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 • withdrawn
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 • withdrawn
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Moderate
GHSA-j3x3-r585-4qhg was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024 • withdrawn
OpenShift Console Server Side Request Forgery vulnerability
Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Moderate
GHSA-m52v-24p8-654f was published for surrealdb (Rust) Nov 22, 2024
SurrealDB has an Uncaught Exception Handling Nonexistent Role
Moderate
GHSA-jc55-246c-r88f was published for surrealdb (Rust) Nov 22, 2024
SurrealDB has an Uncaught Exception in Function Generating Random Time
Moderate
GHSA-h4f5-h82v-5w4r was published for surrealdb (Rust) Nov 22, 2024
SFTPGo allows administrators to restrict command execution from the EventManager
Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
Searching Opencast may cause a denial of service
Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
django CMS Attributes Field Cross-site Scripting
Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type
Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024