Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,923
Erlang
28
GitHub Actions
16
Go
1,595
Maven
4,897
npm
3,402
NuGet
593
pip
2,593
Pub
10
RubyGems
821
Rust
758
Swift
34
Unreviewed advisories
All unreviewed
5,000+

17,455 advisories

1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Moderate
CVE-2024-31869 was published for apache-airflow (pip) Apr 18, 2024
Prototype pollution in emit function Low
GHSA-82jv-9wjw-pqh6 was published for derby (npm) Apr 17, 2024
deadbeafda
Stored Cross-site Scripting (XSS) in excalidraw's web embed component Moderate
CVE-2024-32472 was published for @excalidraw/excalidraw (npm) Apr 17, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak path transversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak vulnerable to log Injection during WebAuthn authentication or registration Low
CVE-2023-6484 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
.NET Elevation of Privilege Vulnerability High
CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Apr 17, 2024
Handling untrusted input can result in a crash, leading to loss of availability / denial of service High
CVE-2024-30253 was published for @solana/web3.js (npm) Apr 17, 2024
FixedLocally steveluscher
Blind SSRF Leads to Port Scan by using Webhooks Moderate
CVE-2024-29035 was published for Umbraco.Cms.Core (NuGet) Apr 17, 2024
0xRyuzak1
Evmos vulnerable to unauthorized account creation with vesting module Moderate
GHSA-m99c-q26r-m7m7 was published for github.com/evmos/evmos/v13 (Go) Apr 17, 2024
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit Critical
GHSA-v6rw-hhgg-wc4x was published for github.com/evmos/evmos/v11 (Go) Apr 17, 2024
Keycloak Authorization Bypass vulnerability Moderate
CVE-2023-6544 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow High
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-3825 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Apr 17, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags High
CVE-2024-32463 was published for phlex (RubyGems) Apr 17, 2024
gregmolnar joeldrapper
willcosgrove
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
ProTip! Advisories are also available from the GraphQL API