GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,009 advisories
Filter by severity
Ankitects Anki arbitrary script execution vulnerability
Critical
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
TorrentPier Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-40624
was published
for
torrentpier/torrentpier
(Composer)
Jul 15, 2024
1Panel has an SQL injection issue related to the orderBy clause
Critical
CVE-2024-39907
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2024
Keras code injection vulnerability
Critical
CVE-2024-3660
was published
for
keras
(pip)
Apr 16, 2024
Samly access control vulnerability
Critical
CVE-2024-25718
was published
for
Samly
(Erlang)
Feb 11, 2024
@thi.ng/paths Prototype Pollution vulnerability
Critical
CVE-2024-29650
was published
for
@thi.ng/paths
(npm)
Mar 25, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
Gin mishandles a wildcard at the end of an origin string
Critical
CVE-2019-25211
was published
for
github.com/gin-contrib/cors
(Go)
Jun 29, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical
CVE-2024-37843
was published
for
craftcms/cms
(Composer)
Jun 25, 2024
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Critical
CVE-2024-28752
was published
for
org.apache.cxf:cxf-core
(Maven)
Mar 15, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Critical
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
NASA AIT-Core vulnerable to SQL Injection
Critical
CVE-2024-35056
was published
for
ait-core
(pip)
May 21, 2024
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
Apache Jena vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-45136
was published
for
org.apache.jena:jena-sdb
(Maven)
Nov 14, 2022
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Critical
CVE-2024-29868
was published
for
org.apache.streampipes:streampipes-resource-management
(Maven)
Jun 24, 2024
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Critical
CVE-2023-50731
was published
for
mindsdb
(pip)
Dec 15, 2023
SaltStack Salt Command Injection in netapi ssh client
Critical
CVE-2020-16846
was published
for
salt
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API