GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,605
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,744 advisories
Filter by severity
Submariner Operator sets unnecessary RBAC permissions in helm charts
Moderate
CVE-2024-5042
was published
for
github.com/submariner-io/submariner-operator
(Go)
May 17, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Critical
CVE-2024-5023
was published
for
consoleme
(pip)
May 16, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
REXML contains a denial of service vulnerability
Moderate
CVE-2024-35176
was published
for
rexml
(RubyGems)
May 16, 2024
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
High
CVE-2024-4642
was published
for
wandb
(pip)
May 16, 2024
MLflow allows low privilege users to delete any artifact
Moderate
CVE-2024-4263
was published
for
mlflow
(pip)
May 16, 2024
MLflow has a Local File Read/Path Traversal bypass
High
CVE-2024-3848
was published
for
mlflow
(pip)
May 16, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
Magento RCE,XSS and other vulnerabilities
Critical
GHSA-8j7c-682x-r9f2
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Cross-Site Scripting (XSS) vulnerability
Moderate
GHSA-mcfc-67vm-j568
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Critical
GHSA-5gmh-85x8-5cx7
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975
Critical
GHSA-cv25-3pxr-4q7x
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Critical
GHSA-26hq-7286-mg8f
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Critical
GHSA-6wm4-3rjj-c8xx
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Critical
GHSA-prpf-cj87-hwvr
was published
for
magento/community-edition
(Composer)
May 15, 2024
Data Leakage Vulnerability in livewire/livewire
Moderate
GHSA-qwvp-268g-jjm8
was published
for
livewire/livewire
(Composer)
May 15, 2024
Insecure State Generation in laravel/socialite
Moderate
GHSA-h97c-qp24-439v
was published
for
laravel/socialite
(Composer)
May 15, 2024
State Guessing Vulnerability in laravel/socialite
Moderate
GHSA-7fjv-25q9-2w88
was published
for
laravel/socialite
(Composer)
May 15, 2024
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
laravel framework Unexpected database bindings via requests
High
GHSA-jwvj-pwww-3mj5
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Guard bypass in Eloquent models
Moderate
GHSA-44pg-c29v-hp6r
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-qm5c-m76r-2hfr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Moderate
GHSA-vr95-p7q6-8m9q
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-6jvx-8ch9-j2jr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Moderate
GHSA-7852-w36x-6mf6
was published
for
laravel/framework
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API