GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

93,966 advisories

Certifi removes GLOBALTRUST root certificate High
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Potential memory exhaustion attack due to sparse slice deserialization High
CVE-2024-37298 was published for github.com/gorilla/schema (Go) Jul 1, 2024
AlexVasiluta
Uncontrolled resource consumption in braces High
CVE-2024-4068 was published for braces (npm) May 14, 2024
AlmogApiiro
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
protobuf-cpp and protobuf-python have potential Denial of Service issue High
CVE-2022-1941 was published for protobuf (pip) Sep 23, 2022
kse3hi
Moodle CSRF risk in admin preset tool management of presets High
CVE-2024-34001 was published for moodle/moodle (Composer) May 31, 2024
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Rhai stack overflow vulnerability High
CVE-2024-36760 was published for rhai (Rust) Jun 13, 2024
AdGuardHome privilege escalation vulnerability High
CVE-2024-36586 was published for github.com/AdguardTeam/AdGuardHome (Go) Jun 13, 2024
langchain_experimental Code Execution via Python REPL access High
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Object Resolver Prototype Pollution High
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
Keycloak path transversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
s3-url-parser vulnerable to Denial of Service via regexes component High
CVE-2024-25355 was published for s3-url-parser (npm) May 1, 2024
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik (Go) Jul 5, 2024
MWedl
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Gogs allows argument injection during the tagging of a new release High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024