GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
830
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,056 advisories
Filter by severity
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
Aimeos denial of service vulnerability in SaaS and marketplace setups
Moderate
GHSA-xjm6-jfmg-qc6p
was published
for
aimeos/aimeos-core
(Composer)
May 29, 2024
Swiftmailer Sendmail transport arbitrary shell execution
Critical
GHSA-4qpj-gxxg-jqg4
was published
for
swiftmailer/swiftmailer
(Composer)
May 29, 2024
stormpath/sdk uses Insecure Random Number Generator
Moderate
GHSA-q8fc-v85f-78pw
was published
for
stormpath/sdk
(Composer)
May 29, 2024
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param
Moderate
GHSA-g6f5-4w43-2x63
was published
for
socalnick/scn-social-auth
(Composer)
May 29, 2024
SimpleSAMLphp Information Disclosure vulnerability
Moderate
GHSA-ppm4-r2vc-pg74
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
ansibleguy-webui Cross-site Scripting vulnerability
High
CVE-2024-36110
was published
for
ansibleguy-webui
(pip)
May 28, 2024
rockhopper Buffer Overflow vulnerability
Moderate
CVE-2022-4969
was published
for
rockhopper
(pip)
May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket
Moderate
CVE-2024-36105
was published
for
dbt-core
(pip)
May 28, 2024
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Moderate
CVE-2024-35240
was published
for
Umbraco.Commerce
(NuGet)
May 28, 2024
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Moderate
GHSA-vpr3-cw3h-prw8
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
SimpleSAMLphp signature validation bypass
Critical
GHSA-fjr2-r2mp-484p
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
SimpleSAMLphp exposes credentials in session storage
Moderate
GHSA-7wh8-jrq7-p27f
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
High
GHSA-xc69-p8fc-m6m5
was published
for
silverstripe/subsites
(Composer)
May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability
High
GHSA-p2v5-xcqm-4fv6
was published
for
silverstripe/taxonomy
(Composer)
May 28, 2024
silverstripe/userforms file upload exposure on UserForms module
Moderate
GHSA-55pp-293f-3365
was published
for
silverstripe/userforms
(Composer)
May 28, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations
Moderate
CVE-2024-35238
was published
for
github.com/stacklok/minder
(Go)
May 28, 2024
formwork Cross-site scripting vulnerability in Markdown fields
Moderate
CVE-2024-35621
was published
for
getformwork/formwork
(Composer)
May 28, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability
High
GHSA-wjg9-v8cf-f5q2
was published
for
silverstripe/graphql
(Composer)
May 28, 2024
ProTip!
Advisories are also available from the
GraphQL API