Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,706 advisories

Skops unsafe deserialization High
CVE-2024-37065 was published for skops (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37062 was published for ydata-profiling (pip) Jun 4, 2024
ydata cross-site scripting High
CVE-2024-37063 was published for ydata-profiling (pip) Jun 4, 2024
ydata unsafe deserialization High
CVE-2024-37064 was published for ydata-profiling (pip) Jun 4, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37059 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37060 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37058 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37057 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37054 was published for mlflow (pip) Jun 4, 2024
litios
MLFlow unsafe deserialization High
CVE-2024-37056 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37053 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37052 was published for mlflow (pip) Jun 4, 2024
MLFlow unsafe deserialization High
CVE-2024-37055 was published for mlflow (pip) Jun 4, 2024
TYPO3 SQL Injection in dbal High
GHSA-9895-53fc-98v2 was published for typo3/cms (Composer) Jun 3, 2024
Silverpeas authentication bypass High
CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven) Jun 3, 2024
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
aoprea1982
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
Moodle Improper Input Validation High
CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used High
GHSA-p84g-j2gh-83g3 was published for typo3/cms (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API