Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,650
Maven
4,914
npm
3,437
NuGet
594
pip
2,774
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,236 advisories

Lavalite CMS Cross Site Scripting vulnerability Moderate
CVE-2024-31828 was published for lavalite/cms (Composer) Apr 27, 2024
Sidekiq vulnerable to a Reflected XSS in Queues Web Page Moderate
CVE-2024-32887 was published for sidekiq (RubyGems) Apr 26, 2024
UmerAdeemCheema
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev
Mattermost allows team admins to promote guests to team admins Low
CVE-2024-4195 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost's detailed error messages reveal the full file path Moderate
CVE-2024-32046 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost crashes web clients via a malformed custom status Moderate
CVE-2024-4182 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to limit the number of active sessions Moderate
CVE-2024-4183 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to fully validate role changes Low
CVE-2024-4198 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to limit the size of a request path Low
CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Runc allows an arbitrary systemd property to be injected High
CVE-2024-3154 was published for github.com/opencontainers/runc (Go) Apr 26, 2024
Passbolt API allows HTML injection Moderate
CVE-2024-33670 was published for passbolt/passbolt_api (Composer) Apr 26, 2024
python-jose denial of service via compressed JWT tokens Moderate
CVE-2024-33664 was published for python-jose (pip) Apr 26, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
vyper's range(start, start + N) reverts for negative numbers Moderate
CVE-2024-32481 was published for vyper (pip) Apr 25, 2024
trocher
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
vyper performs double eval of the slice args when buffer from adhoc locations Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs double eval of raw_args in create_from_blueprint Moderate
CVE-2024-32647 was published for vyper (pip) Apr 25, 2024
vyper default functions don't respect nonreentrancy keys Moderate
CVE-2024-32648 was published for vyper (pip) Apr 25, 2024
vyper performs double eval of the argument of sqrt Moderate
CVE-2024-32649 was published for vyper (pip) Apr 25, 2024
cyberthirst
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass Moderate
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service Moderate
CVE-2024-1726 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Apr 25, 2024
Cluster Monitoring Operator contains a credentials leak High
CVE-2024-1139 was published for github.com/openshift/cluster-monitoring-operator (Go) Apr 25, 2024
ProTip! Advisories are also available from the GraphQL API