GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
High
CVE-2024-38365
was published
for
github.com/btcsuite/btcd
(Go)
Oct 10, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Low
CVE-2024-47168
was published
for
gradio
(pip)
Oct 10, 2024
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
CVE-2024-47763
was published
for
wasmtime
(Rust)
Oct 9, 2024
Denial of service in quinn-proto when using `Endpoint::retry()`
High
CVE-2024-45311
was published
for
quinn-proto
(Rust)
Sep 3, 2024
Ansible unsafe evaluation of some strings
High
CVE-2014-2686
was published
for
ansible
(pip)
May 17, 2022
Vyper: reversed order of side effects for some operations
Moderate
CVE-2023-40015
was published
for
vyper
(pip)
Sep 4, 2023
Contract balance not updating correctly after interchain transaction
High
CVE-2024-37153
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Moderate
GHSA-6xch-2vxx-5pvr
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log
Moderate
CVE-2023-39152
was published
for
org.jenkins-ci.plugins:gradle
(Maven)
Jul 26, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate
CVE-2023-49798
was published
for
@openzeppelin/contracts
(npm)
Dec 12, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
High
CVE-2023-23623
was published
for
electron
(npm)
Sep 6, 2023
Incorrect success value returned in vyper
High
CVE-2023-30629
was published
for
vyper
(pip)
Apr 24, 2023
Vyper's nonpayable default functions are sometimes payable
Low
CVE-2023-32675
was published
for
vyper
(pip)
May 22, 2023
incorrect order of evaluation of side effects for some builtins
Moderate
CVE-2023-41052
was published
for
vyper
(pip)
Sep 4, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Moderate
CVE-2023-41338
was published
for
github.com/gofiber/fiber
(Go)
Sep 8, 2023
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
Multiple evaluation of contract address in call in vyper
High
CVE-2022-29255
was published
for
vyper
(pip)
Jun 6, 2022
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Drainage of FeeCollector's Block Transaction Fees in cronos
High
CVE-2021-43839
was published
for
github.com/crypto-org-chain/cronos
(Go)
Jan 6, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Moderate
CVE-2022-39354
was published
for
evm
(Rust)
Oct 25, 2022
ProTip!
Advisories are also available from the
GraphQL API