Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,965
Erlang
29
GitHub Actions
16
Go
1,747
Maven
4,975
npm
3,507
NuGet
609
pip
3,072
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,935 advisories

Loading
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
Zendframework vulnerable to XXE/XEE attacks Critical
GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks Critical
GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer) Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql Critical
GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors Critical
GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Rancher Recreates Default User With Known Password Despite Deletion Critical
CVE-2019-11202 was published for github.com/rancher/rancher (Go) May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API