GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,933 advisories
Filter by severity
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25738
was published
for
vufind/vufind
(Composer)
May 22, 2024
Silverstripe Brute force bypass on default admin
Critical
GHSA-8v6m-7f5v-hhx6
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5314
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5315
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
nats-io/jwt not enforcing checking of Import token permissions
Critical
CVE-2021-3127
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
Critical
CVE-2023-20873
was published
for
org.springframework.boot:spring-boot-actuator-autoconfigure
(Maven)
Apr 20, 2023
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Critical
CVE-2024-34359
was published
for
llama-cpp-python
(pip)
May 13, 2024
SimpleSAMLphp signature validation bypass
Critical
GHSA-fjr2-r2mp-484p
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
Swiftmailer Sendmail transport arbitrary shell execution
Critical
GHSA-4qpj-gxxg-jqg4
was published
for
swiftmailer/swiftmailer
(Composer)
May 29, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Critical
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Symfony XML decoding attack vector through external entities
Critical
GHSA-mmcv-fvq8-r9x3
was published
for
symfony/symfony
(Composer)
May 30, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Critical
GHSA-q3jm-v27q-jfww
was published
for
titon/framework
(Composer)
May 30, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical
GHSA-cc97-g92w-jm65
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Critical
GHSA-jw42-5m4v-9c8g
was published
for
NuGet.CommandLine
(NuGet)
Jan 9, 2024
•
withdrawn
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
Missing Access Check in TYPO3 CMS
Critical
GHSA-gwfx-p7mr-f92v
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API