GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,653
Erlang: 29
GitHub Actions: 16
Go: 1,706
Maven: 4,938
npm: 3,471
NuGet: 603
pip: 2,985
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
8,337 advisories
Drupal core Cross-Site Scripting (XSS) vulnerabilities
Moderate. GHSA-vfgc-c76h-mwh4 was published for drupal/core (Composer), May 15, 2024
Drupal core Open Redirect vulnerability
Moderate. GHSA-6gf6-24h2-66j4 was published for drupal/core (Composer), May 15, 2024
Drupal core uses a vulnerable Third-party library CKEditor
Moderate. GHSA-v273-j5hq-26xp was published for drupal/core (Composer), May 15, 2024
Drupal core Access bypass
Moderate. GHSA-mh4h-27gq-cxwj was published for drupal/core (Composer), May 15, 2024
Drupal core unrestricted file upload
Moderate. GHSA-7gwj-7fhm-vw4w was published for drupal/core (Composer), May 15, 2024
Drupal core Denial of Service
Moderate. GHSA-pr99-c33p-fwf6 was published for drupal/core (Composer), May 15, 2024
Drupal Anonymous Open Redirect
Moderate. GHSA-gfvf-2f25-f34r was published for drupal/core (Composer), May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect
Moderate. GHSA-7f4f-p7mq-p4fv was published for drupal/core (Composer), May 15, 2024
Drupal Content moderation Access bypass
Moderate. GHSA-f84q-mgj9-8jfc was published for drupal/core (Composer), May 15, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate. CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go), May 15, 2024
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Moderate. GHSA-9wv8-3h8h-x2wc was published for doctrine/doctrine-module (Composer), May 15, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate. CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven), May 15, 2024
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Moderate. GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer), May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight)
Moderate. GHSA-4cv2-xc5f-px8h was published for brotkrueml/codehighlight (Composer), May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight)
Moderate. GHSA-65xh-hh78-6454 was published for brotkrueml/codehighlight (Composer), May 15, 2024
amphp/http Host Header Injection vulnerability
Moderate. GHSA-8v5x-6vv5-jv4g was published for amphp/http (Composer), May 15, 2024
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
Moderate. GHSA-gm98-g2wf-7c68 was published for amphp/artax (Composer), May 15, 2024
amphp/http-client Header leakage on cross-domain redirects
Moderate. GHSA-8jp9-mpv9-98rj was published for amphp/http-client (Composer), May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate. GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer), May 15, 2024
goreleaser shows environment by default
Moderate. GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go), May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate. CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go), May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate. CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go), May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate. CVE-2024-35175 was published for github.com/tg123/sshpiper (Go), May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate. CVE-2022-39201 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana when using email as a username can block other users from signing in
Moderate. CVE-2022-39229 was published for github.com/grafana/grafana (Go), May 14, 2024
ProTip! Advisories are also available from the GraphQL API