GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,856 advisories
Filter by severity
aiocpa contains credential harvesting code
High
GHSA-486g-47cc-8wxf
was published
for
aiocpa
(pip)
Nov 25, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate
CVE-2024-52529
was published
for
github.com/cilium/cilium
(Go)
Nov 25, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting
Low
CVE-2024-32468
was published
for
deno_doc
(Rust)
Nov 25, 2024
Keycloak Build Process Exposes Sensitive Data
High
CVE-2024-10451
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Moderate
CVE-2024-10492
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
libre-chat Path Traversal vulnerability
Moderate
CVE-2024-52787
was published
for
libre-chat
(pip)
Nov 25, 2024
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
High
CVE-2024-10270
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept`
Moderate
GHSA-qg5g-gv98-5ffh
was published
for
rustls
(Rust)
Nov 25, 2024
@sveltejs/kit vulnerable to on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
High
GHSA-5xr6-xhww-33m4
was published
for
dawidd6/action-download-artifact
(GitHub Actions)
Nov 25, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
High
GHSA-7f6p-phw2-8253
was published
for
github.com/taurusgroup/multi-party-sig
(Go)
Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
GHSA-pcx7-8hxg-j823
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Low
GHSA-6vrw-mpj8-3j59
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Moderate
GHSA-j3x3-r585-4qhg
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
•
withdrawn
OpenShift Console Server Side Request Forgery vulnerability
Moderate
CVE-2024-6538
was published
for
github.com/openshift/console
(Go)
Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1
Low
CVE-2024-45719
was published
for
github.com/apache/incubator-answer
(Go)
Nov 22, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253
was published
for
sentry
(pip)
Nov 22, 2024
ProTip!
Advisories are also available from the
GraphQL API