GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,871
Erlang
29
GitHub Actions
16
Go
1,721
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,381 advisories
Filter by severity
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4...
High
Unreviewed
CVE-2024-4941
was published
Jun 6, 2024
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input...
High
Unreviewed
CVE-2024-3152
was published
Jun 6, 2024
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow....
Unknown
Unreviewed
CVE-2024-5171
was published
Jun 5, 2024
A vulnerability in the web-based management interface of Cisco Finesse could allow an...
Moderate
Unreviewed
CVE-2024-20405
was published
Jun 5, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
Moderate
Unreviewed
CVE-2024-23669
was published
Jun 5, 2024
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High
Unreviewed
CVE-2024-23668
was published
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
High
Unreviewed
CVE-2024-36390
was published
Jun 2, 2024
Moodle ReCAPTCHA can be bypassed on the login page
Moderate
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Improper Input Validation
High
CVE-2024-33999
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information...
Moderate
Unreviewed
CVE-2024-22338
was published
May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
silverstripe/framework has possible denial of service attack vector when flushing
High
GHSA-cwgq-83w5-8jfq
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the...
High
Unreviewed
CVE-2024-4287
was published
May 20, 2024
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The...
High
Unreviewed
CVE-2021-22508
was published
May 17, 2024
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious...
High
Unreviewed
CVE-2024-22429
was published
May 17, 2024
Zabbix server can perform command execution for configured scripts. After command is executed,...
Critical
Unreviewed
CVE-2024-22120
was published
May 17, 2024
ProTip!
Advisories are also available from the
GraphQL API