GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,645
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,982
Pub
10
RubyGems
826
Rust
770
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,808 advisories
Filter by severity
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
PyMySQL SQL Injection vulnerability
Critical
CVE-2024-36039
was published
for
pymysql
(pip)
May 21, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Moderate
GHSA-6wqp-7g94-f69j
was published
for
sensiolabs/connect
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Moderate
CVE-2024-4435
was published
for
ic-stable-structures
(Rust)
May 21, 2024
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Moderate
CVE-2024-35218
was published
for
UmbracoCms.Core
(NuGet)
May 21, 2024
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Moderate
CVE-2024-1727
was published
for
gradio
(pip)
May 21, 2024
OMERO.web must check that the JSONP callback is a valid function
Moderate
CVE-2024-35180
was published
for
omero-web
(pip)
May 21, 2024
Umbraco CMS Open Redirect Bypass Protection
Moderate
CVE-2024-34071
was published
for
Umbraco.Cms.Web.BackOffice
(NuGet)
May 21, 2024
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Low
GHSA-2j6r-9vv4-6gf5
was published
for
github.com/bincyber/go-sqlcrypter
(Go)
May 20, 2024
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate
GHSA-qjcv-rx3v-7mvj
was published
for
github.com/cosmos/ibc-go
(Go)
May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate
CVE-2024-35191
was published
for
verbb/formie
(Composer)
May 20, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
AVideo cross-site scripting vulnerability in the view/about.php page
Moderate
CVE-2024-34899
was published
for
wwbn/avideo
(Composer)
May 20, 2024
MiguelCastillo @bit/loader Prototype Pollution issue
Moderate
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
json-schema-ref-parser Prototype Pollution issue
High
CVE-2024-29651
was published
for
@apidevtools/json-schema-ref-parser
(npm)
May 20, 2024
Blackprint @blackprint/engine Prototype Pollution issue
Moderate
CVE-2024-24294
was published
for
@blackprint/engine
(npm)
May 20, 2024
robrichards/xmlseclibs XPath injection
High
GHSA-2g98-f9jv-w8c5
was published
for
robrichards/xmlseclibs
(Composer)
May 20, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
propel/propel1 SQL injection possible with limit() on MySQL
Critical
GHSA-7g7c-qhf3-x59p
was published
for
propel/propel1
(Composer)
May 20, 2024
ProTip!
Advisories are also available from the
GraphQL API