GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,000
Erlang
29
GitHub Actions
16
Go
1,785
Maven
5,000+
npm
3,547
NuGet
621
pip
3,139
Pub
10
RubyGems
839
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,814 advisories
Filter by severity
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Unrestricted Upload of File with Dangerous Type Apache Tomcat
High
CVE-2017-12617
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High
CVE-2017-12615
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Directory traversal vulnerability in Action View in Ruby on Rails
High
CVE-2016-0752
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Fiona affected by CVE-2020-14152 related to madler-zlib
High
GHSA-g4m4-9q4c-mfw6
was published
for
fiona
(pip)
Jul 16, 2024
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-6468
was published
for
github.com/hashicorp/vault
(Go)
Jul 11, 2024
Plate media plugins has a XSS in media embed element when using custom URL parsers
High
CVE-2024-40631
was published
for
@udecode/plate-media
(npm)
Jul 15, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
High
CVE-2023-49566
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability
High
CVE-2023-46801
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution
High
CVE-2024-21513
was published
for
langchain-experimental
(pip)
Jul 15, 2024
setuptools vulnerable to Command Injection via package URL
High
CVE-2024-6345
was published
for
setuptools
(pip)
Jul 15, 2024
Malware package cipherbcrypt
High
GHSA-5grr-72f9-678v
was published
for
cipherbcrypt
(pip)
Jul 12, 2024
Gogs allows argument injection during the tagging of a new release
High
CVE-2024-39933
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
Apache Tomcat Improper Input Validation vulnerability
High
CVE-2023-46589
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 28, 2023
Django vulnerable to Denial of Service
High
CVE-2024-38875
was published
for
Django
(pip)
Jul 10, 2024
Django vulnerable to Denial of Service
High
CVE-2024-39614
was published
for
Django
(pip)
Jul 10, 2024
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2024-21525
was published
for
node-twain
(npm)
Jul 10, 2024
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
ProTip!
Advisories are also available from the
GraphQL API