Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,644 advisories

Loading
Eclipse Vert.x vulnerable to a memory leak in TCP servers Moderate
CVE-2024-1300 was published for io.vertx:vertx-core (Maven) Apr 2, 2024
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Moodle HTTP authorization header is preserved between "emulated redirects" Moderate
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate
GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
Withdrawn Advisory: Subrion CMS vulnerable to SQL Injection Moderate
CVE-2024-25400 was published for intelliants/subrion (Composer) Feb 27, 2024 withdrawn
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst pcaversaccio
kuroi8 0xdeadbeef0x
vyper performs double eval of raw_args in create_from_blueprint Moderate
CVE-2024-32647 was published for vyper (pip) Apr 25, 2024
vyper performs multiple eval of `sqrt()` argument built in Moderate
CVE-2024-32649 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs double eval of the slice start/length args in certain cases Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
@akbr/update Prototype Pollution Moderate
CVE-2024-36578 was published for @akbr/update (npm) Jun 17, 2024
Object Resolver Prototype Pollution Moderate
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
obx Prototype Pollution Moderate
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
Badger Database Prototype Pollution Moderate
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
object-deep-assign Prototype Pollution Moderate
CVE-2024-36582 was published for @alexbinary/object-deep-assign (npm) Jun 17, 2024
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
ProTip! Advisories are also available from the GraphQL API