Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,850 advisories

s2n-tls's mTLS API ordering may skip client authentication Moderate
GHSA-857q-xmph-p2v5 was published for s2n-tls (Rust) Aug 9, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
CometVisu Backend for openHAB has a path traversal vulnerability Moderate
CVE-2024-42468 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
In aiohttp, compressed files as symlinks are not protected from path traversal Moderate
CVE-2024-42367 was published for aiohttp (pip) Aug 9, 2024
steverep
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
CosmWasm wasmd has large address count in ValidateBasic Low
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Gas mispricing in cosmwasm-vm Moderate
GHSA-rg2q-2jh9-447q was published for cosmwasm-vm (Go) Aug 8, 2024
unknownfeature
Shopware vulnerable to blind SQL-injection in DAL aggregations High
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate
CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024
JoshuaBehrens
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope High
CVE-2024-41942 was published for jupyterhub (pip) Aug 8, 2024
oliver-sanders
Open WebUI Stored Cross-Site Scripting Vulnerability Moderate
CVE-2024-6706 was published for open-webui (pip) Aug 8, 2024
Pulp incorrectly assigns RBAC permissions in tasks that create objects Moderate
CVE-2024-7143 was published for pulpcore (pip) Aug 7, 2024
Jenkins Remoting library arbitrary file read vulnerability Critical
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
Django SQL injection vulnerability Critical
CVE-2024-42005 was published for Django (pip) Aug 7, 2024
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
Django vulnerable to a denial-of-service attack Moderate
CVE-2024-41990 was published for Django (pip) Aug 7, 2024
Gorush uses deprecated TLS versions Moderate
CVE-2024-41270 was published for github.com/appleboy/gorush (Go) Aug 6, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-41677 was published for @builder.io/qwik (npm) Aug 6, 2024
arkark
ProTip! Advisories are also available from the GraphQL API