GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,825; Erlang 29; GitHub Actions 16; Go 1,715; Maven 4,950; npm 3,479; NuGet 605; pip 3,009; Pub 10; RubyGems 832; Rust 776; Swift 34
Unreviewed advisories: All unreviewed 5,000+
19,058 advisories
Missing security headers in Action Pack on non-HTML responses - Moderate - CVE-2024-28103 was published for actionpack (RubyGems) - Jun 4, 2024
ActionText ContentAttachment can Contain Unsanitized HTML - Moderate - CVE-2024-32464 was published for actiontext (RubyGems) - Jun 4, 2024
Unable to generate the correct character set - Critical - CVE-2024-36400 was published for nano-id (Rust) - Jun 4, 2024
malicious container creates symlink "mtab" on the host External - High - CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) - Jun 4, 2024
Directus is soft-locked by providing a string value to random string util - High - CVE-2024-36128 was published for directus (npm) - Jun 4, 2024
apko Exposure of HTTP basic auth credentials in log output - High - CVE-2024-36127 was published for chainguard.dev/apko (Go) - Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage - Critical - GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) - Jun 4, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash - Moderate - CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) - Jun 4, 2024
Flooding Server with Thumbnail files - High - CVE-2024-32871 was published for pimcore/pimcore (Composer) - Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution - High - CVE-2024-36120 was published for js-deobfuscator (npm) - Jun 4, 2024
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search - Moderate - GHSA-pmxp-7224-h794 was published for typo3/cms (Composer) - Jun 4, 2024
Typo3 Arbitrary File Disclosure in Form Component - Moderate - GHSA-wrpf-2x8h-82gr was published for typo3/cms (Composer) - Jun 4, 2024
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content - Moderate - GHSA-8j9v-4hhh-x43c was published for typo3/cms (Composer) - Jun 4, 2024
XML External Entity (XXE) Processing in TYPO3 Core - High - GHSA-qffc-gwpp-m2xr was published for typo3/cms (Composer) - Jun 4, 2024
Cross-Site Scripting (XSS) in TYPO3 component Backend - Moderate - GHSA-3jxq-5xhh-9jr3 was published for typo3/cms (Composer) - Jun 4, 2024
Reflected Cross-Site Scripting (XSS) in Dolibarr - Moderate - CVE-2024-34051 was published for dolibarr/dolibarr (Composer) - Jun 3, 2024
TYPO3 Cross-Site Scripting (XSS) in form component - Moderate - GHSA-5j86-5xvg-7q93 was published for typo3/cms (Composer) - Jun 3, 2024
TYPO3 Cross-Site Scripting in legacy form component - Moderate - GHSA-vgm8-r9gm-fw59 was published for typo3/cms (Composer) - Jun 3, 2024
TYPO3 Cross-Site Scripting in link validator component - Moderate - GHSA-cg4m-qjjp-7497 was published for typo3/cms (Composer) - Jun 3, 2024
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend - Moderate - GHSA-6fc6-cj2j-h22x was published for typo3/cms (Composer) - Jun 3, 2024
TYPO3 SQL Injection in dbal - High - GHSA-9895-53fc-98v2 was published for typo3/cms (Composer) - Jun 3, 2024
Cross-Site Scripting in TYPO3 component Indexed Search - Moderate - GHSA-wh8q-72cp-p5wf was published for typo3/cms (Composer) - Jun 3, 2024
TYPO3 is susceptible to Cross-Site Flashing - Moderate - GHSA-qrxh-46mr-pr7q was published for typo3/cms (Composer) - Jun 3, 2024
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend - Moderate - GHSA-5cxf-xx9j-54jc was published for typo3/cms (Composer) - Jun 3, 2024
qdrant input validation failure - Critical - CVE-2024-3829 was published for qdrant-client (pip) - Jun 3, 2024
ProTip! Advisories are also available from the GraphQL API.