GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,873 advisories
Filter by severity
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate
GHSA-qjcv-rx3v-7mvj
was published
for
github.com/cosmos/ibc-go
(Go)
May 20, 2024
iFrames Bypass Origin Checks for Tauri API Access Control
Moderate
CVE-2024-35222
was published
for
tauri
(Rust)
May 23, 2024
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
Silverstripe XSS In FormAction
Moderate
GHSA-4h54-vwx9-3vr3
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe XSS In rewritten hash links
Moderate
GHSA-34q6-xqxh-gq39
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
Moderate
GHSA-f7cq-5v43-8pwp
was published
for
github.com/traefik/traefik
(Go)
May 23, 2024
Silverstripe XSS In GridField print
Moderate
GHSA-88jp-9jrv-6368
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Moderate
GHSA-r32j-mr8p-hfp8
was published
for
silverstripe/framework
(Composer)
May 23, 2024
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe IE requests not properly behaving with rewritehashlinks
Moderate
GHSA-5f5v-5c3v-gw5v
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Forum Module CSRF Vulnerability
Moderate
GHSA-w8fq-xgvh-cxc2
was published
for
silverstripe/forum
(Composer)
May 23, 2024
Eclipse Ditto vulnerable to Cross-site Scripting
Moderate
CVE-2024-5165
was published
for
org.eclipse.ditto:ditto
(Maven)
May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25738
was published
for
vufind/vufind
(Composer)
May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Dapr API Token Exposure
Moderate
CVE-2024-35223
was published
for
github.com/dapr/dapr
(Go)
May 22, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration
Low
CVE-2024-32969
was published
for
vantage6
(pip)
May 22, 2024
glance-store logs s3 access keys
Moderate
CVE-2024-1141
was published
for
glance-store
(pip)
Feb 1, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
Silverpeas Core vulnerable to Cross Site Scripting
Moderate
CVE-2024-29392
was published
for
org.silverpeas:silverpeas-core
(Maven)
May 22, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Moderate
CVE-2019-19326
was published
for
silverstripe/framework
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API