GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
2,857
Erlang
26
GitHub Actions
16
Go
1,539
Maven
4,826
npm
3,352
NuGet
578
pip
2,517
Pub
8
RubyGems
816
Rust
747
Swift
33
Unreviewed advisories
All unreviewed
5,000+
17,105 advisories
Filter by severity
[TagAwareCipher] - Decryption Failure (Regex Match)
Low
CVE-2024-28864
was published
for
ilicmiljan/secure-props
(Composer)
Mar 18, 2024
Use-after-free in libxml2 via Nokogiri::XML::Reader
Moderate
GHSA-vcc3-rw6f-jv97
was published
for
nokogiri
(RubyGems)
Mar 18, 2024
Denial of service via regular expression
High
CVE-2024-28865
was published
for
wiki
(pip)
Mar 18, 2024
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Moderate
CVE-2024-28859
was published
for
friendsofsymfony1/symfony1
(Composer)
Mar 18, 2024
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Moderate
CVE-2024-28237
was published
for
OctoPrint
(pip)
Mar 18, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 18, 2024
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
High
CVE-2024-21661
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 18, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate
CVE-2024-21652
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Improper Privilege Management in djangorestframework-simplejwt
Moderate
CVE-2024-22513
was published
for
djangorestframework-simplejwt
(pip)
Mar 16, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
Regular expression denial-of-service in Django
Low
CVE-2024-27351
was published
for
django
(pip)
Mar 15, 2024
CLI for Vela Insecure Variable Substitution
High
GHSA-4jhj-3gv3-c3gr
was published
for
github.com/go-vela/cli
(Go)
Mar 15, 2024
Golang SDK for Vela Insecure Variable Substitution
High
GHSA-v8mx-hp2q-gw85
was published
for
github.com/go-vela/sdk-go
(Go)
Mar 15, 2024
Server/API for Vela Insecure Variable Substitution
High
GHSA-69p4-j5v5-x234
was published
for
github.com/go-vela/server
(Go)
Mar 15, 2024
Types for Vela Insecure Variable Substitution
High
GHSA-7v38-w32m-wx4m
was published
for
github.com/go-vela/types
(Go)
Mar 15, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API