GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,000
Erlang
29
GitHub Actions
16
Go
1,785
Maven
5,000+
npm
3,547
NuGet
621
pip
3,139
Pub
10
RubyGems
839
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,814 advisories
Filter by severity
SixLabors ImageSharp Out-of-bounds Write
High
CVE-2024-41131
was published
for
SixLabors.ImageSharp
(NuGet)
Jul 22, 2024
(ReDoS) Regular Expression Denial of Service in tf2-item-format
High
CVE-2024-41655
was published
for
tf2-item-format
(npm)
Jul 23, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
Insufficient validation when decoding a Socket.IO packet
High
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
H2O vulnerable to Deserialization of Untrusted Data
High
CVE-2024-6960
was published
for
ai.h2o:h2o-core
(Maven)
Jul 21, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
High
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
Automad arbitrary file upload vulnerability
High
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478
was published
for
lunary
(npm)
Jun 6, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
High
CVE-2024-29736
was published
for
org.apache.cxf:cxf-rt-rs-service-description
(Maven)
Jul 19, 2024
gRPC-Go HTTP/2 Rapid Reset vulnerability
High
GHSA-m425-mq94-257g
was published
for
google.golang.org/grpc
(Go)
Oct 25, 2023
Improper Input Validation in Datomic
High
CVE-2018-10054
was published
for
com.datomic:datomic-free
(Maven)
May 13, 2022
Absent Input Validation in BinaryHttpParser
High
CVE-2024-40642
was published
for
io.netty.incubator:netty-incubator-codec-bhttp
(Maven)
Jul 18, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
Apache StreamPipes has potential remote code execution (RCE) via file upload
High
CVE-2024-31411
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows
High
CVE-2024-40641
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Jul 17, 2024
Eclipse Parsson stack overflow when parsing deeply nested input
High
CVE-2023-7272
was published
for
org.eclipse.parsson:parsson
(Maven)
Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API