GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
7,021 advisories
Filter by severity
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information
High
CVE-2022-46156
was published
for
github.com/grafana/synthetic-monitoring-agent
(Go)
Sep 6, 2024
HTML injection in JupyterLite leading to DOM Clobbering
High
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
Interchain Security: The signers of ICS messages do not need to match the provider address
High
GHSA-7q74-g774-7x3g
was published
for
github.com/cosmos/interchain-security
(Go)
Sep 5, 2024
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
High
CVE-2024-7884
was published
for
ic_cdk
(Rust)
Sep 5, 2024
Path traversal vulnerability in stripe-cli
High
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
Nuclei Template Signature Verification Bypass
High
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei
(Go)
Sep 4, 2024
Missing connection timeout in Aardvark-dns
High
CVE-2024-8418
was published
for
aardvark-dns
(Rust)
Sep 4, 2024
olm-sys: wrapped library unmaintained, potentially vulnerable
High
GHSA-p2q9-36vw-c468
was published
for
olm-sys
(Rust)
Sep 3, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
@actions/download-artifact has an Arbitrary File Write via artifact extraction
High
GHSA-cxww-7g56-2vh6
was published
for
actions/download-artifact
(GitHub Actions)
Sep 3, 2024
Denial of service in quinn-proto when using `Endpoint::retry()`
High
CVE-2024-45311
was published
for
quinn-proto
(Rust)
Sep 3, 2024
@actions/artifact has an Arbitrary File Write via artifact extraction
High
CVE-2024-42471
was published
for
@actions/artifact
(npm)
Sep 3, 2024
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
High
GHSA-hq76-662x-7mw4
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Sep 3, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input
High
CVE-2024-45390
was published
for
@blakeembrey/template
(npm)
Sep 3, 2024
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Missing hostname validation in Kroxylicious
High
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
`spam` project on PyPI compromised, malicious releases made
High
GHSA-2r6g-7r83-jg72
was published
for
spam
(pip)
Aug 30, 2024
opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-qr4w-53vh-m672
was published
for
opencv-python
(pip)
Aug 30, 2024
opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-cxjf-x6jp-p7mc
was published
for
opencv-contrib-python
(pip)
Aug 30, 2024
opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-jh2j-j4j9-crg3
was published
for
opencv-python-headless
(pip)
Aug 30, 2024
opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863
High
GHSA-w2pj-9cgh-mq2c
was published
for
opencv-contrib-python-headless
(pip)
Aug 30, 2024
gratient 0.5 contains credential harvesting code
High
GHSA-xm4r-5rj9-2pg3
was published
for
gratient
(pip)
Aug 30, 2024
`exotel` project on PyPI compromised, malicious release made
High
GHSA-x6xg-3fj2-4pq3
was published
for
exotel
(pip)
Aug 30, 2024
ProTip!
Advisories are also available from the
GraphQL API