GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 2,905
Erlang: 27
GitHub Actions: 16
Go: 1,570
Maven: 4,859
npm: 3,385
NuGet: 586
pip: 2,548
Pub: 10
RubyGems: 819
Rust: 757
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
17,301 advisories
Advisory | Severity | Identifier | Package (ecosystem) | Published
Grafana: Users outside an organization can delete a snapshot with its key | Moderate | CVE-2024-1313 | github.com/grafana/grafana (Go) | Apr 5, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks | Critical | GHSA-j496-crgh-34mx | github.com/cosmos/ibc-go (Go) | Apr 5, 2024
PsiTransfer: File integrity violation | Moderate | GHSA-2p2x-p7wj-j5h2 | psitransfer (npm) | Apr 5, 2024
PsiTransfer: Violation of the integrity of file distribution | Moderate | GHSA-xg8v-m2mh-45m6 | psitransfer (npm) | Apr 5, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow | Moderate | GHSA-mc39-h54g-pvw6 | libdav1d-sys (Rust) | Apr 5, 2024
transpose: Buffer overflow due to integer overflow | Critical | GHSA-5gmm-6m36-r7jh | transpose (Rust) | Apr 5, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects | High | GHSA-xfhw-6mc4-mgxf | crayon (Rust) | Apr 5, 2024
whoami stack buffer overflow on several Unix platforms | High | GHSA-w5w5-8vfh-xcjq | whoami (Rust) | Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast | High | GHSA-4v52-7q2x-v4xj | eyre (Rust) | Apr 5, 2024
HPACK decoder panics on invalid input | High | GHSA-w7hm-hmxv-pvhf | hpack (Rust) | Apr 5, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood | Moderate | GHSA-q6cp-qfwq-4gcv | h2 (Rust) | Apr 5, 2024
Pebble service manager's file pull API allows access by any user | Moderate | CVE-2024-3250 | github.com/canonical/pebble (Go) | Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free | High | CVE-2024-27284 | cassandra-cpp (Rust) | Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences | Moderate | CVE-2024-28949 | github.com/mattermost/mattermost/server/v8 (Go) | Apr 5, 2024
Mattermost fails to authenticate the source of certain types of post actions | Moderate | CVE-2024-2447 | github.com/mattermost/mattermost/server/v8 (Go) | Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers | Moderate | CVE-2023-45288 | golang.org/x/net/http2 (Go) | Apr 4, 2024
HashiCorp Vault does not correctly validate OCSP responses | Moderate | CVE-2024-2660 | github.com/hashicorp/vault (Go) | Apr 4, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build | High | CVE-2024-2700 | io.quarkus:quarkus-core (Maven) | Apr 4, 2024
pgAdmin Remote Code Execution (RCE) vulnerability | High | CVE-2024-3116 | pgadmin4 (pip) | Apr 4, 2024
Duplicate Advisory: Pebble service manager's file pull API allows access by any user | Moderate | GHSA-65pc-76pq-pvf5 | github.com/canonical/pebble (Go) | Apr 4, 2024 (withdrawn)
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check | Moderate | CVE-2024-31215 | mobsf (pip) | Apr 4, 2024
dectalk-tts Uses Unencrypted HTTP Request | High | CVE-2024-31206 | dectalk-tts (npm) | Apr 4, 2024
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect | Low | CVE-2024-30261 | undici (npm) | Apr 4, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline | Low | CVE-2024-30260 | undici (npm) | Apr 4, 2024
Temporal Server Denial of Service | Moderate | CVE-2024-2689 | github.com/temporalio/temporal (Go) | Apr 4, 2024