Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,631
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,937
npm
3,466
NuGet
601
pip
2,977
Pub
10
RubyGems
826
Rust
769
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,775 advisories

Passbolt Api Remote code execution High
GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer) May 20, 2024
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
Passbolt Api E-mail HTML injection Moderate
GHSA-v86m-j5f7-ccwh was published for passbolt/passbolt_api (Composer) May 20, 2024
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
veraPDF has potential XSLT injection vulnerability when using policy files High
CVE-2024-28109 was published for org.verapdf:core (Maven) May 20, 2024
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
OroCRM Forced Redirect to External Website Moderate
GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024
litellm passes untrusted data to `eval` function without sanitization High
CVE-2024-4264 was published for litellm (pip) May 18, 2024
Tor Arti's STUB circuits incorrectly have a length of 2 High
CVE-2024-35312 was published for arti (Rust) May 18, 2024
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
onelogin/php-saml signature wrapping attacks Moderate
CVE-2016-1000253 was published for onelogin/php-saml (Composer) May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse. Low
GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values High
GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer) May 17, 2024
Flow Swift Mailer package Remote code execution Critical
GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) May 17, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
Privilege Escalation in TYPO3 Neos Moderate
GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) May 17, 2024
Time-Based Information Disclosure Vulnerability in Flow Moderate
GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) May 17, 2024
Neos Information Disclosure Security Note High
GHSA-3c5g-73f7-grvm was published for neos/neos (Composer) May 17, 2024
Neos Flow Information disclosure in entity security Moderate
GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) May 17, 2024
Neos Flow Arbitrary file upload and XML External Entity processing Moderate
GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) May 17, 2024
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
namshi/jose - Verification bypass Critical
GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS) High
GHSA-hxhc-wmg8-xrqf was published for namshi/jose (Composer) May 17, 2024
Submariner Operator sets unnecessary RBAC permissions in helm charts Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
ProTip! Advisories are also available from the GraphQL API