GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,976
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,534
NuGet
615
pip
3,103
Pub
10
RubyGems
837
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,462 advisories
Filter by severity
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
Decidim cross-site scripting (XSS) in the admin panel
Moderate
CVE-2024-27095
was published
for
decidim-admin
(RubyGems)
Jul 10, 2024
Decidim cross-site scripting (XSS) in the pagination
High
CVE-2024-32469
was published
for
decidim
(RubyGems)
Jul 10, 2024
Decidim vulnerable to data disclosure through the embed feature
Moderate
CVE-2024-27090
was published
for
decidim
(RubyGems)
Jul 10, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
Evmos vulnerable to exploit of smart contract account and vesting
High
CVE-2024-39696
was published
for
github.com/evmos/evmos/v18
(Go)
Jul 10, 2024
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-21525
was published
for
node-twain
(npm)
Jul 10, 2024
Django vulnerable to user enumeration attack
High
CVE-2024-39329
was published
for
Django
(pip)
Jul 10, 2024
Django vulnerable to Denial of Service
High
CVE-2024-39614
was published
for
Django
(pip)
Jul 10, 2024
Django vulnerable to Denial of Service
High
CVE-2024-38875
was published
for
Django
(pip)
Jul 10, 2024
speaker vulnerable to Denial of Service
High
CVE-2024-21526
was published
for
speaker
(npm)
Jul 10, 2024
audify vulnerable to Improper Validation of Array Index
High
CVE-2024-21522
was published
for
audify
(npm)
Jul 10, 2024
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
Silverpeas Core Cross-site Scripting vulnerability
Moderate
CVE-2024-39031
was published
for
org.silverpeas.core:silverpeas-core-rs
(Maven)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
High
CVE-2024-35264
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API