Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,943
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,378 advisories

Loading
The Snowflake Connector for Python stores sensitive data in logs Moderate
CVE-2024-49750 was published for snowflake-connector-python (pip) Oct 24, 2024
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled Moderate
CVE-2024-49762 was published for pterodactyl/panel (Composer) Oct 24, 2024
pebblehosts
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers Low
GHSA-rjfv-pjvx-mjgv was published for sigs.k8s.io/aws-load-balancer-controller (Go) Oct 24, 2024
OpenRefine has a path traversal in LoadLanguageCommand High
CVE-2024-49760 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) Moderate
GHSA-mpcw-3j5p-p99x was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project Moderate
CVE-2024-47882 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) High
CVE-2024-47881 was published for org.openrefine:database (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups Moderate
CVE-2024-47173 was published for aimeos/ai-admin-graphql (Composer) Oct 24, 2024
ssshah2131
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature High
CVE-2024-46998 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature Moderate
CVE-2024-46996 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request Moderate
CVE-2024-46995 was published for baserproject/basercms (Composer) Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature Moderate
CVE-2024-46994 was published for baserproject/basercms (Composer) Oct 24, 2024
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate
CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
maennchen rapidfsub
zachdaniel
camaleon_cms affected by cross site scripting Moderate
CVE-2024-48652 was published for camaleon_cms (RubyGems) Oct 23, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
curl_cffi bundles a version of libcurl affected by High Severity vulnerability High
GHSA-3vpc-4p9p-47hc was published for curl-cffi (pip) Oct 22, 2024
SCH227
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database