Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
4,999
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,091 advisories

Loading
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Typo3 Information Disclosure in Page Tree Low
GHSA-h934-f4m4-wc8x was published for typo3/cms (Composer) Jun 5, 2024
Information Disclosure in TYPO3 CMS Low
GHSA-c7p6-3c9c-f88q was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms Low
CVE-2024-36119 was published for statamic/cms (Composer) Jun 2, 2024
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva
silverstripe/framework sends passwords back to browsers under some circumstances Low
GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework password encryption salt not updated Low
GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor Low
GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
ProTip! Advisories are also available from the GraphQL API