Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle High
CVE-2024-43373 was published for webcrack (npm) Aug 14, 2024
SteakEnthusiast
Apache DolphinScheduler: RCE by arbitrary js execution High
CVE-2024-29831 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability High
CVE-2024-30188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
Absent Input Validation in BinaryHttpParser High
CVE-2024-40642 was published for io.netty.incubator:netty-incubator-codec-bhttp (Maven) Jul 18, 2024
shombo
Mimekit has vulnerable dependency that can lead to denial of service High
GHSA-gmc6-fwg3-75m5 was published for MimeKit (NuGet) Jul 11, 2024
StefanJonssonInExchange
@discordjs/opus vulnerable to Denial of Service High
CVE-2024-21521 was published for @discordjs/opus (npm) Jul 10, 2024
vladfrangu
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability High
CVE-2024-38095 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
Spring Cloud Function Framework vulnerable to Denial of Service High
CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jul 9, 2024
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
Moodle ReCAPTCHA can be bypassed on the login page High
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Moodle Improper Input Validation High
CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library High
GHSA-45xg-4w5x-j429 was published for typo3/cms (Composer) May 30, 2024
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation High
CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API High
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) Mar 20, 2024
sikeoka
Improper HTML sanitization in ZITADEL High
CVE-2024-28855 was published for github.com/zitadel/zitadel (Go) Mar 18, 2024
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution High
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying High
CVE-2024-27894 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API