GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,891 advisories
Filter by severity
Shopware's session is persistent in Cache for 404 pages
Critical
CVE-2024-27917
was published
for
shopware/platform
(Composer)
Mar 6, 2024
HTTP Handling Vulnerability in the Bare server
Critical
CVE-2024-27922
was published
for
@tomphttp/bare-server-node
(npm)
Mar 5, 2024
JSONata expression can pollute the "Object" prototype
Critical
CVE-2024-27307
was published
for
jsonata
(npm)
Mar 4, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Budibase affected by VM2 Constructor Escape Vulnerability
Critical
GHSA-4g2x-vq5p-5vj6
was published
for
@budibase/server
(npm)
Mar 1, 2024
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Critical
CVE-2024-27298
was published
for
parse-server
(npm)
Mar 1, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
Transparent TLS may not be applied to Marbles with certain manifest configurations
Critical
GHSA-x5r5-2qrx-rqj8
was published
for
github.com/edgelesssys/marblerun
(Go)
Feb 27, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical
GHSA-84c3-j8r2-mcm8
was published
for
@nfid/embed
(npm)
Feb 26, 2024
SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
GHSA-hx5q-v6pj-533r
was published
for
com.linecorp.centraldogma:centraldogma-server-auth-saml
(Maven)
Feb 26, 2024
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
CVE-2024-1735
was published
for
com.linecorp.armeria:armeria-saml
(Maven)
Feb 26, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Critical
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Critical
CVE-2024-1597
was published
for
org.postgresql:postgresql
(Maven)
Feb 21, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2023-47795
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25601
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42498
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25602
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-25147
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
ProTip!
Advisories are also available from the
GraphQL API