GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,632 advisories
Filter by severity
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Moderate
GHSA-w235-7p84-xx57
was published
for
tornado
(pip)
Jun 6, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Moderate
GHSA-753j-mpmx-qq6g
was published
for
tornado
(pip)
Jun 6, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
scikit-learn sensitive data leakage vulnerability
Moderate
CVE-2024-5206
was published
for
scikit-learn
(pip)
Jun 6, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain-community
(pip)
Jun 6, 2024
Server-Side Request Forgery in langchain
Moderate
CVE-2024-3095
was published
for
langchain
(pip)
Jun 6, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Insecure Unserialize Vulnerability in FLOW3
Moderate
GHSA-m2hp-5x78-74mg
was published
for
typo3/flow
(Composer)
Jun 5, 2024
Typo3 Arbitrary file upload and XML External Entity processing
Moderate
GHSA-2p4f-vc9q-r5vp
was published
for
typo3/flow
(Composer)
Jun 5, 2024
By-passing Protection of PharStreamWrapper Interceptor
Moderate
GHSA-4v5g-8pq2-32m2
was published
for
typo3/phar-stream-wrapper
(Composer)
Jun 5, 2024
Time-Based Information Disclosure Vulnerability in Flow
Moderate
GHSA-r6mm-wmhf-849m
was published
for
typo3/flow
(Composer)
Jun 5, 2024
Privilege Escalation in TYPO3 Neos
Moderate
GHSA-wr3c-6c22-m9v6
was published
for
typo3/neos
(Composer)
Jun 5, 2024
Typo3 Cross-Site Scripting in Language Pack Handling
Moderate
GHSA-259v-xm34-p7fr
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Typo3 Broken Access Control in Import Module
Moderate
GHSA-f5rr-9r84-wwqf
was published
for
typo3/cms
(Composer)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API