Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,117 advisories

Loading
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
awaelchli
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
Remote Code Execution via path traversal bypass in lollms Critical
CVE-2024-5443 was published for lollms (pip) Jun 22, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
DeepJavaLibrary API absolute path traversal Critical
CVE-2024-37902 was published for ai.djl:api (Maven) Jun 17, 2024
obx Prototype Pollution Critical
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Improper Authentication vulnerability Critical
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database