Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,190
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,702
NuGet
656
pip
3,327
Pub
11
RubyGems
883
Rust
837
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,142 advisories

Loading
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway... Moderate Unreviewed
CVE-2024-20429 was published Jul 17, 2024
dbt has an implicit override for built-in materializations from installed packages Moderate
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2024-38700 was published Jul 12, 2024
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-util (Maven) Jul 12, 2024
westonsteimel
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-35777 was published Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-37253 was published Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-37442 was published Jul 9, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this... Moderate Unreviewed
CVE-2024-6470 was published Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this... Moderate Unreviewed
CVE-2024-6469 was published Jul 3, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2024-35680 was published Jun 10, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2024-35728 was published Jun 10, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter High
GHSA-cxf7-m5g2-v594 was published for zendframework/zend-mail (Composer) Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter Moderate
GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` High
GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer) Jun 7, 2024
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service... Moderate Unreviewed
CVE-2024-5184 was published Jun 5, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2023-23738 was published Jun 4, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database