GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
2,921
Erlang
28
GitHub Actions
16
Go
1,594
Maven
4,892
npm
3,398
NuGet
591
pip
2,591
Pub
10
RubyGems
821
Rust
758
Swift
34
Unreviewed advisories
All unreviewed
5,000+
17,439 advisories
Filter by severity
Evmos vulnerable to unauthorized account creation with vesting module
Moderate
GHSA-m99c-q26r-m7m7
was published
for
github.com/evmos/evmos/v13
(Go)
Apr 17, 2024
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Critical
GHSA-v6rw-hhgg-wc4x
was published
for
github.com/evmos/evmos/v11
(Go)
Apr 17, 2024
Keycloak Authorization Bypass vulnerability
Moderate
CVE-2023-6544
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
High
CVE-2023-6717
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-3825
was published
for
com.blazemeter.plugins:BlazeMeterJenkinsPlugin
(Maven)
Apr 17, 2024
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
High
CVE-2024-32463
was published
for
phlex
(RubyGems)
Apr 17, 2024
OpenFGA Authorization Bypass
High
CVE-2024-31452
was published
for
github.com/openfga/openfga
(Go)
Apr 16, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability
High
GHSA-rmqv-7v3j-mr7p
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
mlflow vulnerable to Path Traversal
Critical
CVE-2024-3573
was published
for
mlflow
(pip)
Apr 16, 2024
llama-index-core Command Injection vulnerability
Critical
CVE-2024-3271
was published
for
llama-index-core
(pip)
Apr 16, 2024
langchain vulnerable to path traversal
Moderate
CVE-2024-3571
was published
for
langchain
(pip)
Apr 16, 2024
Cross-site Scripting (XSS) in mindsdb/mindsdb
Moderate
CVE-2024-3575
was published
for
mindsdb
(pip)
Apr 16, 2024
Insecure deserialization in BentoML
Critical
CVE-2024-2912
was published
for
bentoml
(pip)
Apr 16, 2024
zenml Session Fixation vulnerability
Moderate
CVE-2024-2260
was published
for
zenml
(pip)
Apr 16, 2024
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
CVE-2024-1135
was published
for
gunicorn
(pip)
Apr 16, 2024
gradio Server-Side Request Forgery vulnerability
Moderate
CVE-2024-1183
was published
for
gradio
(pip)
Apr 16, 2024
ProTip!
Advisories are also available from the
GraphQL API