GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,134
Erlang: 29
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,681
NuGet: 650
pip: 3,298
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
8,983 advisories
Umbraco CMS logout page displayed before session expiration
Moderate | CVE-2024-48926 was published for Umbraco.CMS (NuGet) | Oct 22, 2024

Security Update for the OPC UA .NET Standard Stack
Moderate | CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) | Oct 18, 2024

Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Moderate | CVE-2024-48929 was published for Umbraco.CMS (NuGet) | Oct 22, 2024

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Moderate | CVE-2024-48927 was published for Umbraco.Cms (NuGet) | Oct 22, 2024

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate | CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) | Oct 22, 2024

Spring Framework DataBinder Case Sensitive Match Exception
Moderate | CVE-2024-38820 was published for org.springframework:spring-context (Maven) | Oct 18, 2024

Apache InLong SQL Injection vulnerability
Moderate | CVE-2023-30465 was published for org.apache.inlong:manager-pojo (Maven) | Jul 6, 2023

Sentry vulnerable to invite code reuse via cookie manipulation
Moderate | CVE-2022-23485 was published for sentry (pip) | Dec 12, 2022

SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons
Moderate | CVE-2017-5591 was published for SleekXMPP (pip) | May 13, 2022

Cross Site Scripting (XSS) in Simiki
Moderate | CVE-2020-19000 was published for simiki (pip) | Sep 1, 2021

Cross-site scripting in sickrage
Moderate | CVE-2021-25926 was published for sickrage (pip) | Apr 20, 2021

Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate | CVE-2022-0577 was published for scrapy (pip) | Mar 1, 2022

Code Injection in SLO Generator
Moderate | CVE-2021-22557 was published for slo-generator (pip) | Oct 5, 2021

SaltStack Salt Allows creating certificates with weak file permissions
Moderate | CVE-2020-17490 was published for salt (pip) | May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate | CVE-2014-1830 was published for requests (pip) | May 14, 2022

Roundup Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2012-6132 was published for roundup (pip) | May 17, 2022

Roundup Cross-site scripting (XSS) vulnerability
Moderate | CVE-2012-6131 was published for roundup (pip) | May 17, 2022

Python RSA allows attackers to spoof signatures
Moderate | CVE-2016-1494 was published for rsa (pip) | May 14, 2022

Restkit Does Not Validate TLS certificates
Moderate | CVE-2015-2674 was published for restkit (pip) | May 17, 2022

Salt improper handling of tmp files
Moderate | CVE-2015-1838 was published for salt (pip) | May 17, 2022

Moderate severity vulnerability that affects roundup
Moderate | CVE-2019-10904 was published for roundup (pip) | Apr 9, 2019

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate | CVE-2024-47825 was published for github.com/cilium/cilium (Go) | Oct 21, 2024

Absolute path traversal vulnerability in digdag server
Moderate | CVE-2024-25125 was published for io.digdag:digdag-server (Maven) | Feb 14, 2024

SaltStack has insecure /tmp file handling in salt/modules/chef.py
Moderate | CVE-2015-1839 was published for salt (pip) | May 17, 2022

Salt Insecure configuration of PAM external authentication service
Moderate | CVE-2016-3176 was published for salt (pip) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API