GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,431 advisories
Filter by severity
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Null pointer dereference in PKCS12 parsing
Moderate
CVE-2024-0727
was published
for
cryptography
(pip)
Jan 26, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Roundup Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2010-2491
was published
for
roundup
(pip)
May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2010-2487
was published
for
moin
(pip)
May 17, 2022
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
Moderate
CVE-2024-33851
was published
for
mdanter/ecc
(Composer)
Apr 28, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Moderate
CVE-2024-29376
was published
for
sylius/sylius
(Composer)
May 10, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Low
CVE-2024-34349
was published
for
sylius/sylius
(Composer)
May 10, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical
CVE-2024-34070
was published
for
froxlor/froxlor
(Composer)
May 10, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
phpseclib does not properly limit the ASN1 OID length
High
CVE-2024-27355
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
phpseclib a large prime can cause a denial of service
High
CVE-2024-27354
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Moderate
CVE-2024-31839
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
OpenFGA Authorization Bypass
Moderate
CVE-2023-40579
was published
for
github.com/openfga/openfga
(Go)
Aug 25, 2023
dcnnt-py is vulnerable to command injection via Notification Handler
Moderate
CVE-2023-1000
was published
for
dcnnt
(pip)
Apr 27, 2024
Salt allows deleted minions to read or write to minions with the same id
Critical
CVE-2016-9639
was published
for
salt
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API