GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
93,966 advisories
Filter by severity
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz:...
High
Unreviewed
CVE-2024-37260
was published
Jul 6, 2024
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not...
High
Unreviewed
CVE-2024-6387
was published
Jul 1, 2024
Certifi removes GLOBALTRUST root certificate
High
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such...
High
Unreviewed
CVE-2024-5753
was published
Jul 5, 2024
Potential memory exhaustion attack due to sparse slice deserialization
High
CVE-2024-37298
was published
for
github.com/gorilla/schema
(Go)
Jul 1, 2024
Uncontrolled resource consumption in braces
High
CVE-2024-4068
was published
for
braces
(npm)
May 14, 2024
protobuf-cpp and protobuf-python have potential Denial of Service issue
High
CVE-2022-1941
was published
for
protobuf
(pip)
Sep 23, 2022
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
Object Resolver Prototype Pollution
High
CVE-2024-36577
was published
for
@apphp/object-resolver
(npm)
Jun 17, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
Keycloak path transversal vulnerability in redirection validation
High
CVE-2024-1132
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
High
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High
CVE-2024-39321
was published
for
github.com/traefik/traefik
(Go)
Jul 5, 2024
Server Side Request Forgery (SSRF) attack in Fedify
High
CVE-2024-39687
was published
for
@fedify/fedify
(npm)
Jul 5, 2024
Gogs allows argument injection during the tagging of a new release
High
CVE-2024-39933
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate...
High
Unreviewed
CVE-2023-51776
was published
Jul 2, 2024
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that...
High
Unreviewed
CVE-2024-1931
was published
Mar 7, 2024
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to...
High
Unreviewed
CVE-2024-26314
was published
Jul 2, 2024
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High
Unreviewed
CVE-2024-6319
was published
Jul 4, 2024
ProTip!
Advisories are also available from the
GraphQL API