Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,455
Erlang
29
GitHub Actions
16
Go
1,670
Maven
4,932
npm
3,465
NuGet
600
pip
2,944
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,527 advisories

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Moderate
CVE-2024-30046 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Moderate
CVE-2024-30045 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
Anonymous PrestaShop customer can download other customers' invoices Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
Scrapy's redirects ignoring scheme-specific proxy settings Moderate
GHSA-jm3v-qxmh-hxwv was published for Scrapy (pip) May 14, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
GHSA-4qqq-9vqf-3h3f was published for Scrapy (pip) May 14, 2024
Szarny
Oceanic allows unsanitized user input to lead to path traversal in URLs Moderate
CVE-2024-34712 was published for oceanic.js (npm) May 14, 2024
Vendicated DonovanDMC
Nuckyz
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController Moderate
CVE-2024-34357 was published for typo3/cms-core (Composer) May 14, 2024
derhansen ohader
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module Moderate
CVE-2024-34356 was published for typo3/cms-core (Composer) May 14, 2024
bnf
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
Directus Lacks Session Tokens Invalidation Moderate
CVE-2024-34709 was published for directus (npm) May 13, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages High
CVE-2024-34707 was published for nautobot (pip) May 13, 2024
michaelpanorios
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
Directus allows redacted data extraction on the API through "alias" Moderate
CVE-2024-34708 was published for directus (npm) May 13, 2024
elieehel
NocoDB SQL Injection vulnerability Moderate
CVE-2023-50718 was published for nocodb (npm) May 13, 2024
pyozzi-toss
NocoDB Allows Preview of Files with Dangerous Content Moderate
CVE-2023-50717 was published for nocodb (npm) May 13, 2024
pyozzi-toss
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
@valtimo/components exposes access token to form.io Critical
CVE-2024-34706 was published for @valtimo/components (npm) May 13, 2024
ProTip! Advisories are also available from the GraphQL API