GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,940 advisories
Filter by severity
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
High
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
Apache Answer: The link for resetting user password is not Single-Use
Moderate
CVE-2024-41888
was published
for
github.com/apache/incubator-answer
(Go)
Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link
Moderate
CVE-2024-41890
was published
for
github.com/apache/incubator-answer
(Go)
Aug 12, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
CosmWasm wasmd has large address count in ValidateBasic
Low
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
Gas mispricing in cosmwasm-vm
Moderate
GHSA-rg2q-2jh9-447q
was published
for
cosmwasm-vm
(Go)
Aug 8, 2024
Gorush uses deprecated TLS versions
Moderate
CVE-2024-41270
was published
for
github.com/appleboy/gorush
(Go)
Aug 6, 2024
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
rudder-server is vulnerable to SQL injection
High
CVE-2023-30625
was published
for
github.com/rudderlabs/rudder-server
(Go)
Aug 5, 2024
CasaOS Command Injection vulnerability
High
CVE-2023-37469
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35182
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
Owncast Path Traversal vulnerability
Low
CVE-2024-31450
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
Moderate
CVE-2024-35181
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
gotortc vulnerable to Cross-Site Request Forgery
High
CVE-2024-29192
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29191
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29193
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
High
CVE-2024-29031
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
CVE-2024-29030
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
CVE-2024-29028
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability
High
CVE-2024-29026
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
RobotsAndPencils go-saml authentication bypass vulnerability
High
CVE-2023-48703
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Aug 5, 2024
lorawan-stack Open Redirect vulnerability
Moderate
CVE-2023-26494
was published
for
go.thethings.network/lorawan-stack/v3
(Go)
Aug 5, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
ProTip!
Advisories are also available from the
GraphQL API