Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
830
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,056 advisories

Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Directus is soft-locked by providing a string value to random string util High
CVE-2024-36128 was published for directus (npm) Jun 4, 2024
Zehir
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
nano-id reduced entropy due to inadequate character set usage Critical
GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) Jun 4, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash Moderate
CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) Jun 4, 2024
Flooding Server with Thumbnail files High
CVE-2024-32871 was published for pimcore/pimcore (Composer) Jun 4, 2024
jheimbach dandanx
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search Moderate
GHSA-pmxp-7224-h794 was published for typo3/cms (Composer) Jun 4, 2024
Typo3 Arbitrary File Disclosure in Form Component Moderate
GHSA-wrpf-2x8h-82gr was published for typo3/cms (Composer) Jun 4, 2024
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content Moderate
GHSA-8j9v-4hhh-x43c was published for typo3/cms (Composer) Jun 4, 2024
XML External Entity (XXE) Processing in TYPO3 Core High
GHSA-qffc-gwpp-m2xr was published for typo3/cms (Composer) Jun 4, 2024
Cross-Site Scripting (XSS) in TYPO3 component Backend Moderate
GHSA-3jxq-5xhh-9jr3 was published for typo3/cms (Composer) Jun 4, 2024
Reflected Cross-Site Scripting (XSS) in Dolibarr Moderate
CVE-2024-34051 was published for dolibarr/dolibarr (Composer) Jun 3, 2024
TYPO3 Cross-Site Scripting (XSS) in form component Moderate
GHSA-5j86-5xvg-7q93 was published for typo3/cms (Composer) Jun 3, 2024
TYPO3 Cross-Site Scripting in legacy form component Moderate
GHSA-vgm8-r9gm-fw59 was published for typo3/cms (Composer) Jun 3, 2024
TYPO3 Cross-Site Scripting in link validator component Moderate
GHSA-cg4m-qjjp-7497 was published for typo3/cms (Composer) Jun 3, 2024
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend Moderate
GHSA-6fc6-cj2j-h22x was published for typo3/cms (Composer) Jun 3, 2024
TYPO3 SQL Injection in dbal High
GHSA-9895-53fc-98v2 was published for typo3/cms (Composer) Jun 3, 2024
Cross-Site Scripting in TYPO3 component Indexed Search Moderate
GHSA-wh8q-72cp-p5wf was published for typo3/cms (Composer) Jun 3, 2024
TYPO3 is susceptible to Cross-Site Flashing Moderate
GHSA-qrxh-46mr-pr7q was published for typo3/cms (Composer) Jun 3, 2024
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend Moderate
GHSA-5cxf-xx9j-54jc was published for typo3/cms (Composer) Jun 3, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
Silverpeas authentication bypass High
CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven) Jun 3, 2024
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
ProTip! Advisories are also available from the GraphQL API