Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,747
Maven
4,975
npm
3,507
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,349 advisories

Loading
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
vietj
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-40897 was published for setuptools (pip) Dec 23, 2022
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC Moderate
CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets High
CVE-2022-34169 was published for xalan:xalan (Maven) Jul 20, 2022
udengaardandersent-ELS Diddern
skuma762_uhg
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
SM2 Decryption Buffer Overflow Critical
CVE-2021-3711 was published for openssl-src (Rust) May 24, 2022
another-rex
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
SQL injection in opencart High
CVE-2024-21514 was published for opencart/opencart (Composer) Jun 22, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
json-smart Uncontrolled Recursion vulnerabilty High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iepn
ProTip! Advisories are also available from the GraphQL API