GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,780
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,712 advisories
Filter by severity
ai-controller-frontend payment status in basket isn't reset
Moderate
CVE-2024-39325
was published
for
aimeos/ai-controller-frontend
(Composer)
Jul 5, 2024
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Moderate
GHSA-fqpg-rq76-99pq
was published
for
github.com/jackc/pgx/v5
(Go)
Jul 5, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
ZITADEL Vulnerable to Session Information Leakage
Moderate
CVE-2024-39683
was published
for
github.com/zitadel/zitadel
(Go)
Jul 5, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
ShopXO Server-Side Request Forgery Vulnerability
Moderate
CVE-2024-6524
was published
for
shopxo/shopxo
(Composer)
Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Moderate
CVE-2024-32498
was published
for
cinder
(pip)
Jul 5, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate
CVE-2024-6284
was published
for
github.com/google/nftables
(Go)
Jul 4, 2024
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
CVE-2024-39316
was published
for
rack
(RubyGems)
Jul 3, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Moderate
CVE-2024-39322
was published
for
aimeos/ai-admin-jsonadm
(Composer)
Jul 2, 2024
Weblate vulnerable to improper sanitization of project backups
Moderate
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties
Moderate
CVE-2024-34696
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
@cat5th/key-serializer Prototype Pollution vulnerability
Moderate
CVE-2024-39018
was published
for
@cat5th/key-serializer
(npm)
Jul 1, 2024
ag-grid packages vulnerable to Prototype Pollution
Moderate
CVE-2024-39001
was published
for
@ag-grid-enterprise/charts
(npm)
Jul 1, 2024
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Moderate
CVE-2024-38997
was published
for
@adolph_dudu/ratio-swiper
(npm)
Jul 1, 2024
@aofl/cli-lib Prototype Pollution vulnerability
Moderate
CVE-2024-38987
was published
for
@aofl/cli-lib
(npm)
Jul 1, 2024
Reflected Cross-Site Scripting (XSS) in zenml
Moderate
CVE-2024-5062
was published
for
zenml
(pip)
Jun 30, 2024
Gin mishandles a wildcard at the end of an origin string
Moderate
CVE-2019-25211
was published
for
github.com/gin-contrib/cors
(Go)
Jun 29, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
litellm vulnerable to improper access control in team management
Moderate
CVE-2024-5710
was published
for
litellm
(pip)
Jun 27, 2024
Directory creation by malicious user in saltstack
Moderate
CVE-2024-22231
was published
for
salt
(pip)
Jun 27, 2024
Panic when parsing invalid palette-color images in golang.org/x/image
Moderate
CVE-2024-24792
was published
for
golang.org/x/image
(Go)
Jun 26, 2024
@fastly/js-compute has a use-after-free in some host call implementations
Moderate
CVE-2024-38375
was published
for
@fastly/js-compute
(npm)
Jun 26, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API