Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,632 advisories

Loading
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Tornado has a CRLF injection in CurlAsyncHTTPClient headers Moderate
GHSA-w235-7p84-xx57 was published for tornado (pip) Jun 6, 2024
sha0sum mschwager
ahpaleus
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado Moderate
GHSA-753j-mpmx-qq6g was published for tornado (pip) Jun 6, 2024
TokenController formName not sanitized in hidden input Moderate
CVE-2024-37156 was published for sulu/form-bundle (Composer) Jun 6, 2024
picturestone rogamoore
SQL injection in litellm Moderate
CVE-2024-4890 was published for litellm (pip) Jun 6, 2024
Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
SQL injection in litellm Moderate
CVE-2024-5225 was published for litellm (pip) Jun 6, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
eyurtsev efriis
Clickjacking in zenml Moderate
CVE-2024-2383 was published for zenml (pip) Jun 6, 2024
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Undefined Behavior in mlflow Moderate
CVE-2024-3099 was published for mlflow (pip) Jun 6, 2024
Server-Side Request Forgery in langchain Moderate
CVE-2024-3095 was published for langchain (pip) Jun 6, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
Improper Authentication in CraftCMS two factor authentication plugin Moderate
CVE-2024-5658 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Insecure Unserialize Vulnerability in FLOW3 Moderate
GHSA-m2hp-5x78-74mg was published for typo3/flow (Composer) Jun 5, 2024
Typo3 Arbitrary file upload and XML External Entity processing Moderate
GHSA-2p4f-vc9q-r5vp was published for typo3/flow (Composer) Jun 5, 2024
By-passing Protection of PharStreamWrapper Interceptor Moderate
GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) Jun 5, 2024
Time-Based Information Disclosure Vulnerability in Flow Moderate
GHSA-r6mm-wmhf-849m was published for typo3/flow (Composer) Jun 5, 2024
Privilege Escalation in TYPO3 Neos Moderate
GHSA-wr3c-6c22-m9v6 was published for typo3/neos (Composer) Jun 5, 2024
Typo3 Cross-Site Scripting in Language Pack Handling Moderate
GHSA-259v-xm34-p7fr was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Broken Access Control in Import Module Moderate
GHSA-f5rr-9r84-wwqf was published for typo3/cms (Composer) Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API