GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,469 advisories
Filter by severity
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Next.js Server-Side Request Forgery in Server Actions
High
CVE-2024-34351
was published
for
next
(npm)
May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
High
CVE-2024-4367
was published
for
pdfjs-dist
(npm)
May 7, 2024
Arbitrary HTML present after sanitization because of unicode normalization
High
CVE-2024-34078
was published
for
html-sanitizer
(pip)
May 6, 2024
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
High
CVE-2024-34069
was published
for
Werkzeug
(pip)
May 6, 2024
Litestar and Starlite vulnerable to Path Traversal
High
CVE-2024-32982
was published
for
litestar
(pip)
May 6, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
High
CVE-2024-34066
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
sagemaker-python-sdk Command Injection vulnerability
High
CVE-2024-34073
was published
for
sagemaker
(pip)
May 3, 2024
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
High
CVE-2024-34072
was published
for
sagemaker
(pip)
May 3, 2024
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High
CVE-2024-30251
was published
for
aiohttp
(pip)
May 3, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
High
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
pgAdmin is affected by a multi-factor authentication bypass vulnerability
High
CVE-2024-4215
was published
for
pgadmin4
(pip)
May 2, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
High
CVE-2024-4216
was published
for
pgAdmin4
(pip)
May 2, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
High
CVE-2024-34144
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
ProTip!
Advisories are also available from the
GraphQL API