GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,998
Erlang
29
GitHub Actions
16
Go
1,784
Maven
5,000+
npm
3,545
NuGet
620
pip
3,138
Pub
10
RubyGems
839
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,811 advisories
Filter by severity
LNbits improperly handles potential network and payment failures when using Eclair backend
High
CVE-2024-34694
was published
for
lnbits
(pip)
Jun 17, 2024
ws affected by a DoS when handling a request with many HTTP headers
High
CVE-2024-37890
was published
for
ws
(npm)
Jun 17, 2024
Object Resolver Prototype Pollution
High
CVE-2024-36577
was published
for
@apphp/object-resolver
(npm)
Jun 17, 2024
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Vulnerabilities with the k8sGPT
High
GHSA-85rg-8m6h-825p
was published
for
github.com/k8sgpt-ai/k8sgpt
(Go)
Jun 13, 2024
Cilium leaks sensitive information in cilium-bugtool
High
CVE-2024-37307
was published
for
github.com/cilium/cilium
(Go)
Jun 13, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
High
CVE-2024-37300
was published
for
oauthenticator
(pip)
Jun 12, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability
High
CVE-2024-36263
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Azure Storage Movement Client Library Denial of Service Vulnerability
High
CVE-2024-35252
was published
for
Microsoft.Azure.Storage.DataMovement
(NuGet)
Jun 11, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Composer has multiple command injections via malicious git/hg branch names
High
CVE-2024-35242
was published
for
composer/composer
(Composer)
Jun 10, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High
GHSA-69fp-7c8p-crjr
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 10, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API