GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19,583 advisories
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Moderate
CVE-2024-41178
was published
for
object_store
(Rust)
Jul 23, 2024
(ReDoS) Regular Expression Denial of Service in tf2-item-format
High
CVE-2024-41655
was published
for
tf2-item-format
(npm)
Jul 23, 2024
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Moderate
CVE-2024-41132
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
SixLabors ImageSharp Out-of-bounds Write
High
CVE-2024-41131
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Moderate
CVE-2024-41129
was published
for
ops
(pip)
Jul 22, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability
Critical
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
Anki Latex Incomplete Blocklist Vulnerability
Moderate
CVE-2024-29073
was published
for
anki
(pip)
Jul 22, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate
CVE-2024-23321
was published
for
org.apache.rocketmq:rocketmq-all
(Maven)
Jul 22, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
ProTip!
Advisories are also available from the
GraphQL API