GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,615 advisories

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Moderate
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON Moderate
CVE-2024-24786 was published for google.golang.org/protobuf (Go) Mar 6, 2024
oscerd chancez
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
Potential DoS via the Tudoor mechanism in eventlet and dnspython Moderate
CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024
Duplicate Advisory: Grafana vulnerable to authorization bypass Moderate
GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go) Mar 26, 2024 withdrawn
HashiCorp Vault does not correctly validate OCSP responses Moderate
CVE-2024-2660 was published for github.com/hashicorp/vault (Go) Apr 4, 2024
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
formwork Cross-site scripting vulnerability in Markdown fields Moderate
CVE-2024-35621 was published for getformwork/formwork (Composer) May 28, 2024
Kyokito1412
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass Moderate
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
ua-parser/uap-php ReDoS vulnerability Moderate
GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) Jun 7, 2024
Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS) Moderate
CVE-2021-30458 was published for wikimedia/parsoid (Composer) May 24, 2022
Zend-developer-tools information disclosure vulnerability Moderate
GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed Moderate
GHSA-4vf6-mq7w-3hp6 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Diactoros URL Rewrite vulnerability Moderate
GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide` Moderate
GHSA-4v57-pwvf-x35j was published for zendframework/zendframework1 (Composer) Jun 7, 2024