GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
6,730 advisories
piraeus-operator allows attacker to impersonate service account. Severity: High. CVE-2024-33398 was published for github.com/piraeusdatastore/piraeus-operator/v2 (Go) on May 3, 2024.

Exposure of Resource to Wrong Sphere in ThinkPHP Framework. Severity: High. CVE-2022-25481 was published for topthink/framework (Composer) on Mar 22, 2022.

jackson-databind mishandles the interaction between serialization gadgets and typing. Severity: High. CVE-2020-10672 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Apr 23, 2020.

jackson-databind mishandles the interaction between serialization gadgets and typing. Severity: High. CVE-2020-10673 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on May 15, 2020.

Django Denial-of-service in django.utils.text.Truncator. Severity: High. CVE-2019-14232 was published for django (pip) on Aug 6, 2019.

Opencontainers runc Incorrect Authorization vulnerability. Severity: High. CVE-2023-27561 was published for github.com/opencontainers/runc (Go) on Mar 3, 2023.

OpenStack Storlets arbitrary code execution vulnerability. Severity: High. CVE-2024-28717 was published for storlets (pip) on Apr 22, 2024.

karmada vulnerable to arbitrary code execution via a crafted command. Severity: High. CVE-2024-33396 was published for github.com/karmada-io/karmada (Go) on May 2, 2024.

Jenkins Script Security Plugin sandbox bypass vulnerability. Severity: High. CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) on May 2, 2024.

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies. Severity: High. CVE-2024-34144 was published for org.jenkins-ci.plugins:script-security (Maven) on May 2, 2024.

github.com/containers/image allows unexpected authenticated registry accesses. Severity: High. CVE-2024-3727 was published for github.com/containers/image (Go) on May 14, 2024.

Password exposure in H2 Database. Severity: High. CVE-2022-45868 was published for com.h2database:h2 (Maven) on Nov 23, 2022.

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account. Severity: High. CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) on Jul 2, 2024.

yt-dlp File system modification and RCE through improper file-extension sanitization. Severity: High. CVE-2024-38519 was published for yt-dlp (pip) on Jul 2, 2024.

Potential memory exhaustion attack due to sparse slice deserialization. Severity: High. CVE-2024-37298 was published for github.com/gorilla/schema (Go) on Jul 1, 2024.

Unlimited number of NTS-KE connections can crash ntpd-rs server. Severity: High. CVE-2024-38528 was published for ntpd (Rust) on Jun 28, 2024.

Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat. Severity: High. CVE-2024-24749 was published for org.geoserver.web:gs-web-app (Maven) on Jul 1, 2024.

Request smuggling leading to endpoint restriction bypass in Gunicorn. Severity: High. CVE-2024-1135 was published for gunicorn (pip) on Apr 16, 2024.

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation. Severity: High. CVE-2024-6257 was published for github.com/hashicorp/go-getter (Go) on Jun 25, 2024.
nltk unsafe deserialization vulnerability. Severity: High. CVE-2024-39705 was published for nltk (pip) on Jun 28, 2024.
lollms vulnerable to dot-dot-slash path traversal in XTTS server. Severity: High. CVE-2024-6139 was published for lollms (pip) on Jun 27, 2024.

lollms vulnerable to path traversal due to unauthenticated root folder settings change. Severity: High. CVE-2024-6085 was published for lollms (pip) on Jun 27, 2024.
ProTip! Advisories are also available from the GraphQL API.