Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,016 advisories

SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms Low
CVE-2024-36119 was published for statamic/cms (Composer) Jun 2, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
path traversal vulnerability was identified in the parisneo/lollms-webui Moderate
CVE-2024-4330 was published for lollms (pip) Jun 2, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix gasman
RealOrangeOne
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints Moderate
CVE-2024-35189 was published for ethyca-fides (pip) Jun 2, 2024
adamsachs
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode Moderate
CVE-2024-32877 was published for yiisoft/yii2 (Composer) Jun 2, 2024
Antiphishing
wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function Moderate
CVE-2022-25037 was published for @wangeditor/editor (npm) May 31, 2024
Ollama does not validate the format of the digest (sha256 with 64 hex digits) Moderate
CVE-2024-37032 was published for github.com/ollama/ollama (Go) May 31, 2024
lukas-braune
TYPO3 Cross-Site Scripting vulnerability in typolinks Moderate
GHSA-75mx-chcf-2q32 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure Moderate
GHSA-pqfv-97hj-g97g was published for typo3/cms (Composer) May 30, 2024
TYPO3 Brute Force Protection Bypass in backend login Moderate
GHSA-jqr8-q455-xx45 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors Moderate
GHSA-r287-hc8j-w56h was published for typo3/cms (Composer) May 30, 2024
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors Moderate
GHSA-wp8j-c736-c5r3 was published for typo3/cms (Composer) May 30, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used High
GHSA-p84g-j2gh-83g3 was published for typo3/cms (Composer) May 30, 2024
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting Moderate
GHSA-mxjf-hc9v-xgv2 was published for typo3/cms (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API