GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,052 advisories
Filter by severity
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Missing Access Check in TYPO3 CMS
Critical
GHSA-gwfx-p7mr-f92v
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery
Critical
CVE-2024-5262
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jun 5, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
Silverpeas authentication bypass
Critical
CVE-2024-36042
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical
GHSA-cc97-g92w-jm65
was published
for
typo3/cms-core
(Composer)
May 30, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Critical
GHSA-q3jm-v27q-jfww
was published
for
titon/framework
(Composer)
May 30, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-mmcv-fvq8-r9x3
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
Swiftmailer Sendmail transport arbitrary shell execution
Critical
GHSA-4qpj-gxxg-jqg4
was published
for
swiftmailer/swiftmailer
(Composer)
May 29, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php`
Critical
CVE-2024-35374
was published
for
mocodo
(pip)
May 28, 2024
SimpleSAMLphp signature validation bypass
Critical
GHSA-fjr2-r2mp-484p
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5315
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5314
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Silverstripe Brute force bypass on default admin
Critical
GHSA-8v6m-7f5v-hhx6
was published
for
silverstripe/framework
(Composer)
May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25738
was published
for
vufind/vufind
(Composer)
May 22, 2024
ProTip!
Advisories are also available from the
GraphQL API