Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,765 advisories

random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
onelogin/php-saml signature wrapping attacks Moderate
CVE-2016-1000253 was published for onelogin/php-saml (Composer) May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse. Low
GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values High
GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer) May 17, 2024
Flow Swift Mailer package Remote code execution Critical
GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) May 17, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
Privilege Escalation in TYPO3 Neos Moderate
GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) May 17, 2024
Time-Based Information Disclosure Vulnerability in Flow Moderate
GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) May 17, 2024
Neos Information Disclosure Security Note High
GHSA-3c5g-73f7-grvm was published for neos/neos (Composer) May 17, 2024
Neos Flow Information disclosure in entity security Moderate
GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) May 17, 2024
Neos Flow Arbitrary file upload and XML External Entity processing Moderate
GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) May 17, 2024
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
namshi/jose - Verification bypass Critical
GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS) High
GHSA-hxhc-wmg8-xrqf was published for namshi/jose (Composer) May 17, 2024
Submariner Operator sets unnecessary RBAC permissions in helm charts Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command Critical
CVE-2024-5023 was published for consoleme (pip) May 16, 2024
jaydhulia scottpacknetflix
patricksanders
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-4642 was published for wandb (pip) May 16, 2024
MLflow has a Local File Read/Path Traversal bypass High
CVE-2024-3848 was published for mlflow (pip) May 16, 2024
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
Monolog Header injection in NativeMailerHandler Low
GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) May 15, 2024
Magento RCE,XSS and other vulnerabilities Critical
GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024
Magento Cross-Site Scripting (XSS) vulnerability Moderate
GHSA-mcfc-67vm-j568 was published for magento/community-edition (Composer) May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities Critical
GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API