Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,449
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,464
NuGet
595
pip
2,880
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,450 advisories

Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages High
CVE-2024-34707 was published for nautobot (pip) May 13, 2024
michaelpanorios
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
matrix-rust-sdk contains a log exposure of private key of the server-side key backup Moderate
CVE-2024-34353 was published for matrix-sdk-crypto (Rust) May 13, 2024
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting Moderate
CVE-2024-34081 was published for mantisbt/mantisbt (Composer) May 13, 2024
atrol dregad
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer) May 13, 2024
vboctor dregad
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata Critical
CVE-2024-34359 was published for llama-cpp-python (pip) May 13, 2024
retr0reg
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book Moderate
CVE-2024-29376 was published for sylius/sylius (Composer) May 10, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel Low
CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
Genie Path Traversal vulnerability via File Uploads Critical
CVE-2024-4701 was published for com.netflix.genie:genie-web (Maven) May 9, 2024
jmoritzc53 JoeBeeton
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
1Panel arbitrary file write vulnerability Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go) May 9, 2024
an5er
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6
ProTip! Advisories are also available from the GraphQL API