GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,721 advisories
Filter by severity
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
High
CVE-2024-6257
was published
for
github.com/hashicorp/go-getter
(Go)
Jun 25, 2024
ntlk unsafe deserialization vulnerability
High
CVE-2024-39705
was published
for
nltk
(pip)
Jun 28, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server
High
CVE-2024-6139
was published
for
lollms
(pip)
Jun 27, 2024
lollms vulnerable to path traversal due to unauthenticated root folder settings change
High
CVE-2024-6085
was published
for
lollms
(pip)
Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
High
CVE-2024-5824
was published
for
lollms
(pip)
Jun 27, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
High
CVE-2024-38374
was published
for
org.cyclonedx:cyclonedx-core-java
(Maven)
Jun 24, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
Reactor Netty HTTP Server denial of service vulnerability
High
CVE-2023-34054
was published
for
io.projectreactor.netty:reactor-netty-core
(Maven)
Nov 28, 2023
.NET Denial of Service Vulnerability
High
CVE-2023-38180
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm64
(NuGet)
Aug 9, 2023
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
SQL injection in hibernate-core
High
CVE-2020-25638
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 9, 2022
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
High
CVE-2020-28469
was published
for
glob-parent
(npm)
Jun 7, 2021
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Lacking Protection against HTTP Request Smuggling in mitmproxy
High
CVE-2021-39214
was published
for
mitmproxy
(pip)
Sep 20, 2021
pdoc embeds link to malicious CDN if math mode is enabled
High
CVE-2024-38526
was published
for
pdoc
(pip)
Jun 25, 2024
Aimeos HTML client may potentially reveal sensitive information in error log
High
CVE-2024-38516
was published
for
aimeos/ai-client-html
(Composer)
Jun 25, 2024
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API