Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,469 advisories

Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
Apache Inlong Deserialization of Untrusted Data vulnerability High
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag High
CVE-2024-34346 was published for deno (Rust) May 8, 2024
mmastrac
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js High
CVE-2024-34342 was published for react-pdf (npm) May 7, 2024
calixteman ThomasRinsma
wojtekmaj
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests High
CVE-2024-34084 was published for github.com/stacklok/minder (Go) May 7, 2024
AdamKorcz DavidKorczynski
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF High
CVE-2024-4367 was published for pdfjs-dist (npm) May 7, 2024
ThomasRinsma
Arbitrary HTML present after sanitization because of unicode normalization High
CVE-2024-34078 was published for html-sanitizer (pip) May 6, 2024
yzueger
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High
CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024
Ry0taK
Litestar and Starlite vulnerable to Path Traversal High
CVE-2024-32982 was published for litestar (pip) May 6, 2024
brian-edgar-re
go-ethereum vulnerable to DoS via malicious p2p message High
CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) May 6, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
sagemaker-python-sdk Command Injection vulnerability High
CVE-2024-34073 was published for sagemaker (pip) May 3, 2024
Kasimir123
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data High
CVE-2024-34072 was published for sagemaker (pip) May 3, 2024
Kasimir123
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope
libxmljs2 type confusion vulnerability when parsing specially crafted XML High
CVE-2024-34393 was published for libxmljs2 (npm) May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML High
CVE-2024-34391 was published for libxmljs (npm) May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML High
CVE-2024-34394 was published for libxmljs2 (npm) May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML High
CVE-2024-34392 was published for libxmljs (npm) May 2, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability High
CVE-2024-4215 was published for pgadmin4 (pip) May 2, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload High
CVE-2024-4216 was published for pgAdmin4 (pip) May 2, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies High
CVE-2024-34144 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
ProTip! Advisories are also available from the GraphQL API