GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,034 advisories
Filter by severity
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-7336-ghhp-f2qj
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
Contao: Unencoded insert tags in the frontend
Low
CVE-2024-28191
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
RDoc RCE vulnerability with .rdoc_options
High
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x...
Moderate
Unreviewed
CVE-2024-2445
was published
Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server....
Moderate
Unreviewed
CVE-2024-1883
was published
Mar 14, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If...
Moderate
Unreviewed
CVE-2024-21900
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23268
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23274
was published
Mar 8, 2024
Improper neutralization of special elements in output (CWE-74) used by the email generation...
Moderate
Unreviewed
CVE-2024-21838
was published
Mar 5, 2024
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected...
Moderate
Unreviewed
CVE-2024-2064
was published
Mar 1, 2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The...
Moderate
Unreviewed
CVE-2024-1619
was published
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API