Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
48
Go
3,399
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,619
Pub
13
RubyGems
1,026
Rust
1,205
Swift
52
Unreviewed advisories
All unreviewed
5,000+

28,316 advisories

Loading
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Handling of Parameters in moodle Moderate
CVE-2024-25979 was published for moodle/moodle (Composer) Feb 19, 2024
Authorization Bypass in moodle Moderate
CVE-2024-25983 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and astashys astashys astashys
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Code injection in REDAXO High
CVE-2024-25298 was published for redaxo/source (Composer) Feb 17, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Open Redirect in github.com/greenpau/caddy-security Moderate
CVE-2024-21497 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security Moderate
CVE-2024-21499 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Improper Validation of Array Index in github.com/greenpau/caddy-security Moderate
CVE-2024-21493 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Cross-site Scripting in github.com/greenpau/caddy-security Moderate
CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
westonsteimel Credited to westonsteimel
tuf's Metadata API: Targets.get_delegated_role() is missing input validation Low
GHSA-77hh-43cm-v8j6 was published for tuf (pip) Feb 16, 2024
Hazelcast Platform permission checking in CSV File Source connector High
CVE-2023-45860 was published for com.hazelcast:hazelcast (Maven) Feb 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database