GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
2,884
Erlang
26
GitHub Actions
16
Go
1,551
Maven
4,850
npm
3,369
NuGet
586
pip
2,535
Pub
10
RubyGems
819
Rust
747
Swift
33
Unreviewed advisories
All unreviewed
5,000+
17,212 advisories
Filter by severity
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Serverpod improved security for stored password hashes
Moderate
CVE-2024-29886
was published
for
serverpod_auth_server
(Pub)
Mar 28, 2024
Serverpod client accepts any certificate
High
CVE-2024-29887
was published
for
serverpod_client
(Pub)
Mar 28, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Moderate
CVE-2024-29888
was published
for
saleor
(pip)
Mar 28, 2024
Cilium has insecure IPsec transport encryption
High
CVE-2024-28860
was published
for
github.com/cilium/cilium
(Go)
Mar 28, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
CVE-2024-28233
was published
for
jupyterhub
(pip)
Mar 28, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High
CVE-2024-29891
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
ZITADEL's actions can overload reserved claims
Moderate
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
web3-utils Prototype Pollution vulnerability
High
CVE-2024-21505
was published
for
web3-utils
(npm)
Mar 27, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Gradio's CI vulnerable to Command Injection
High
CVE-2024-1540
was published
for
gradio
(pip)
Mar 27, 2024
•
withdrawn
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
gradio Server-Side Request Forgery vulnerability
High
CVE-2024-2206
was published
for
gradio
(pip)
Mar 27, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25421
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Moderate
CVE-2024-29203
was published
for
TinyMCE
(Composer)
Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Moderate
CVE-2024-29881
was published
for
TinyMCE
(Composer)
Mar 26, 2024
Pimcore Preview Documents are not restricted to logged in users anymore
Moderate
CVE-2024-29197
was published
for
pimcore/pimcore
(Composer)
Mar 26, 2024
Grafana vulnerable to authorization bypass
Moderate
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Mar 26, 2024
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
CVE-2024-29735
was published
for
apache-airflow
(pip)
Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
phpMyFAQ stored Cross-site Scripting at user email
Moderate
CVE-2024-27300
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High
CVE-2024-28105
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API