Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,477 advisories

Loading
akbr patch-into was discovered to contain a prototype pollution via the function patchInto High
CVE-2024-38991 was published for @akbr/patch-into (npm) Jul 1, 2024
@aofl/cli-lib Prototype Pollution vulnerability Moderate
CVE-2024-38987 was published for @aofl/cli-lib (npm) Jul 1, 2024
Reflected Cross-Site Scripting (XSS) in zenml Moderate
CVE-2024-5062 was published for zenml (pip) Jun 30, 2024
Gin mishandles a wildcard at the end of an origin string Moderate
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server High
CVE-2024-38528 was published for ntpd (Rust) Jun 28, 2024
CometBFT is unstability during blocksync when syncing from malicious peer Moderate
GHSA-hg58-rf2h-6rr7 was published for github.com/cometbft/cometbft (Go) Jun 28, 2024
unknownfeature
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia byt3bl33d3r
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change High
CVE-2024-6085 was published for lollms (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server High
CVE-2024-5979 was published for h2o (pip) Jun 27, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
Directory creation by malicious user in saltstack Moderate
CVE-2024-22231 was published for salt (pip) Jun 27, 2024
Path traversal in saltstack High
CVE-2024-22232 was published for salt (pip) Jun 27, 2024
Panic when parsing invalid palette-color images in golang.org/x/image Moderate
CVE-2024-24792 was published for golang.org/x/image (Go) Jun 26, 2024
@fastly/js-compute has a use-after-free in some host call implementations Moderate
CVE-2024-38375 was published for @fastly/js-compute (npm) Jun 26, 2024
elliottt
Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-9344-p847-qm5c was published for sequoia-openpgp (Rust) Jun 26, 2024
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin Moderate
CVE-2024-39460 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jun 26, 2024
ProTip! Advisories are also available from the GraphQL API