GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem
All reviewed: 5,000+
Composer: 3,980
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,110
Pub: 10
RubyGems: 837
Rust: 787
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

19,490 advisories
Title | Severity | Advisory ID | Package (ecosystem) | Published
Plate media plugins has a XSS in media embed element when using custom URL parsers | High | CVE-2024-40631 | @udecode/plate-media (npm) | Jul 15, 2024
RISC Zero zkVM notes on zero-knowledge | Low | GHSA-5xgj-pmjj-gw49 | risc0-zkvm (Rust) | Jul 15, 2024
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http | Moderate | GHSA-qc6v-5g5m-8cw2 | github.com/zitadel/zitadel-go/v3 (Go) | Jul 15, 2024
OpaMiddleware does not filter HTTP OPTIONS requests | Moderate | CVE-2024-40627 | fastapi-opa (pip) | Jul 15, 2024
TorrentPier Deserialization of Untrusted Data vulnerability | Critical | CVE-2024-40624 | torrentpier/torrentpier (Composer) | Jul 15, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) | Low | CVE-2024-39919 | @jmondi/url-to-png (npm) | Jul 15, 2024
@jmondi/url-to-png contains a Path Traversal vulnerability | Moderate | CVE-2024-39918 | @jmondi/url-to-png (npm) | Jul 15, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames | Moderate | CVE-2024-39912 | web-auth/webauthn-framework (Composer) | Jul 15, 2024
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability | High | CVE-2023-49566 | org.apache.linkis:linkis-datasource (Maven) | Jul 15, 2024
Apache Linkis DataSource remote code execution vulnerability | High | CVE-2023-46801 | org.apache.linkis:linkis-datasource (Maven) | Jul 15, 2024
Apache Linkis DataSource allows arbitrary file reading | Moderate | CVE-2023-41916 | org.apache.linkis:linkis-datasource (Maven) | Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution | High | CVE-2024-21513 | langchain-experimental (pip) | Jul 15, 2024
setuptools vulnerable to Command Injection via package URL | High | CVE-2024-6345 | setuptools (pip) | Jul 15, 2024
Malware package cipherbcrypt | High | GHSA-5grr-72f9-678v | cipherbcrypt (pip) | Jul 12, 2024
Apache Wicket: Remote code execution via XSLT injection | High | CVE-2024-36522 | org.apache.wicket:wicket-core (Maven) | Jul 12, 2024
SQL Injection in the KubeClarity REST API | Moderate | CVE-2024-39909 | github.com/openclarity/kubeclarity/backend (Go) | Jul 12, 2024
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions | High | CVE-2024-6468 | github.com/hashicorp/vault (Go) | Jul 11, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects | Moderate | CVE-2022-29946 | github.com/nats-io/nats-server (Go) | Jul 11, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting | Moderate | CVE-2023-6813 | auth0/wordpress (Composer) | Jul 11, 2024
Mimekit has vulnerable dependency that can lead to denial of service | High | GHSA-gmc6-fwg3-75m5 | MimeKit (NuGet) | Jul 11, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API | Moderate | CVE-2024-39905 | Red-DiscordBot (pip) | Jul 11, 2024
Wagtail regular expression denial-of-service via search query parsing | Moderate | CVE-2024-39317 | wagtail (pip) | Jul 11, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User | Moderate | GHSA-gh9f-6xm2-c4j2 | surrealdb (Rust) | Jul 11, 2024
OpenSearch Observability does not properly restrict access to private tenant resources | Moderate | CVE-2024-39901 | org.opensearch.plugin:opensearch-observability (Maven) | Jul 10, 2024
Advisories are also available from the GraphQL API.