Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,110
Pub
10
RubyGems
837
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,490 advisories

Loading
Plate media plugins has a XSS in media embed element when using custom URL parsers High
CVE-2024-40631 was published for @udecode/plate-media (npm) Jul 15, 2024
RISC Zero zkVM notes on zero-knowledge Low
GHSA-5xgj-pmjj-gw49 was published for risc0-zkvm (Rust) Jul 15, 2024
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http Moderate
GHSA-qc6v-5g5m-8cw2 was published for github.com/zitadel/zitadel-go/v3 (Go) Jul 15, 2024
helpisdev livio-a
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) Low
CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
@jmondi/url-to-png contains a Path Traversal vulnerability Moderate
CVE-2024-39918 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability High
CVE-2023-49566 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability High
CVE-2023-46801 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Linkis DataSource allows arbitrary file reading Moderate
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution High
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
Malware package cipherbcrypt High
GHSA-5grr-72f9-678v was published for cipherbcrypt (pip) Jul 12, 2024
Local File Inclusion in Solara High
CVE-2024-39903 was published for solara (pip) Jul 12, 2024
sunriseXu
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-core (Maven) Jul 12, 2024
SQL Injection in the KubeClarity REST API Moderate
CVE-2024-39909 was published for github.com/openclarity/kubeclarity/backend (Go) Jul 12, 2024
b-abderrahmane
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects Moderate
CVE-2022-29946 was published for github.com/nats-io/nats-server (Go) Jul 11, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024
Mimekit has vulnerable dependency that can lead to denial of service High
GHSA-gmc6-fwg3-75m5 was published for MimeKit (NuGet) Jul 11, 2024
StefanJonssonInExchange
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
Wagtail regular expression denial-of-service via search query parsing Moderate
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User Moderate
GHSA-gh9f-6xm2-c4j2 was published for surrealdb (Rust) Jul 11, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Moderate
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API