GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,721 advisories
Filter by severity
Observable Timing Discrepancy in pypqc
High
GHSA-hvh4-5qr6-3v7r
was published
for
pypqc
(pip)
Jun 5, 2024
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
High
CVE-2024-36129
was published
for
go.opentelemetry.io/collector/config/configgrpc
(Go)
Jun 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
High
GHSA-ppgf-8745-8pgx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS
High
GHSA-7qwg-fcpw-xg5g
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer
High
GHSA-g4pf-3jvq-2gcw
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Insecure Deserialization in TYPO3 CMS
High
GHSA-8h28-f46f-m87h
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Remote code execution in web server context
High
CVE-2024-37295
was published
for
aimeos/aimeos-core
(Composer)
Jun 5, 2024
Jan path traversal vulnerability
High
CVE-2024-36857
was published
for
@janhq/core
(npm)
Jun 4, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Flooding Server with Thumbnail files
High
CVE-2024-32871
was published
for
pimcore/pimcore
(Composer)
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
XML External Entity (XXE) Processing in TYPO3 Core
High
GHSA-qffc-gwpp-m2xr
was published
for
typo3/cms
(Composer)
Jun 4, 2024
ydata unsafe deserialization
High
CVE-2024-37062
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ydata unsafe deserialization
High
CVE-2024-37064
was published
for
ydata-profiling
(pip)
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API