GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,932 advisories
Filter by severity
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Critical
CVE-2023-32191
was published
for
github.com/rancher/rke
(Go)
Jun 17, 2024
DeepJavaLibrary API absolute path traversal
Critical
CVE-2024-37902
was published
for
ai.djl:api
(Maven)
Jun 17, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack
Critical
CVE-2024-4315
was published
for
lollms
(pip)
Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Critical
CVE-2024-37301
was published
for
document-merge-service
(pip)
Jun 11, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Critical
CVE-2024-5389
was published
for
lunary
(pip)
Jun 10, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
Critical
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Missing Access Check in TYPO3 CMS
Critical
GHSA-gwfx-p7mr-f92v
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery
Critical
CVE-2024-5262
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API