GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19,440 advisories
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
panic on parsing crafted phonenumber inputs
High
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
zerovec-derive incorrectly uses `#[repr(packed)]`
Moderate
GHSA-74r5-g7vc-j2v2
was published
for
zerovec-derive
(Rust)
Jul 8, 2024
Directus incorrectly handles `_in` filter
Moderate
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Khoj Open Redirect Vulnerability in Login Page
Moderate
GHSA-564j-v29w-rqr6
was published
for
khoj-assistant
(pip)
Jul 8, 2024
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Low
GHSA-3v33-3wmw-3785
was published
for
yt-dlp
(pip)
Jul 8, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Moderate
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
ProTip!
Advisories are also available from the
GraphQL API