GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17,415 advisories

Duplicate Advisory: Scrapy decompression bomb vulnerability (High, withdrawn)
  GHSA-rmqv-7v3j-mr7p, published for scrapy (pip) on Apr 16, 2024

Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect (High, withdrawn)
  GHSA-4q82-j5c2-g2c5, published for scrapy (pip) on Apr 16, 2024

Request smuggling leading to endpoint restriction bypass in Gunicorn (High)
  CVE-2024-1135, published for gunicorn (pip) on Apr 16, 2024

SixLabors.ImageSharp vulnerable to Use After Free (High)
  CVE-2024-32036, published for SixLabors.ImageSharp (NuGet) on Apr 15, 2024

SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value (Moderate)
  CVE-2024-32035, published for SixLabors.ImageSharp (NuGet) on Apr 15, 2024
  Credit: skanejohan

sqlparse parsing heavily nested list leads to Denial of Service (High)
  GHSA-2m57-hf25-phgg, published for sqlparse (pip) on Apr 15, 2024
  Credit: uriyay-jfrog

Argo CD's API server does not enforce project sourceNamespaces (Moderate)
  CVE-2024-31990, published for github.com/argoproj/argo-cd/v2 (Go) on Apr 15, 2024
  Credit: crenshaw-dev, pasha-codefresh

gix-transport indirect code execution via malicious username (Moderate)
  GHSA-98p4-xjmm-8mfh, published for gitoxide (Rust) on Apr 15, 2024
  Credit: EliahKagan

AWS Amplify CLI has incorrect trust policy management (High)
  CVE-2024-28056, published for @aws-amplify/cli (npm) on Apr 15, 2024

Traefik affected by HTTP/2 CONTINUATION flood in net/http (Moderate)
  GHSA-7f4j-64p6-5h5v, published for github.com/traefik/traefik/v2 (Go) on Apr 15, 2024
  Credit: gyoza

Constellation has pods exposed to peers in VPC (High)
  GHSA-g8fc-vrcg-8vjg, published for github.com/edgelesssys/constellation/v2 (Go) on Apr 15, 2024

TCPDF Cross-site Scripting vulnerability (Moderate)
  CVE-2024-32489, published for tecnickcom/tcpdf (Composer) on Apr 15, 2024

Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore (Moderate)
  CVE-2024-32028, published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) on Apr 12, 2024

Dusk plugin may allow unfettered user authentication in misconfigured installs (High)
  CVE-2024-32003, published for winter/wn-dusk-plugin (Composer) on Apr 12, 2024
  Credit: bennothommo

Mautic: MST-48 Server-Side Request Forgery in Asset section (Moderate)
  CVE-2022-25777, published for mautic/core (Composer) on Apr 12, 2024
  Credit: lenonleite

NiceGUI allows potential access to local file system (High)
  CVE-2024-32005, published for nicegui (pip) on Apr 12, 2024
  Credit: sunriseXu

Mautic Sensitive Data Exposure due to inadequate user permission settings (High)
  CVE-2022-25776, published for mautic/core (Composer) on Apr 12, 2024
  Credit: lenonleite

Mautic SQL Injection in dynamic Reports (Moderate)
  CVE-2022-25775, published for mautic/core (Composer) on Apr 12, 2024

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder (High)
  CVE-2021-27916, published for mautic/core (Composer) on Apr 12, 2024
  Credit: adiux

Traefik vulnerable to denial of service with Content-length header (High)
  CVE-2024-28869, published for github.com/traefik/traefik (Go) on Apr 12, 2024
  Credit: Prajithp

Apache Solr Operator liveness and readiness probes may leak basic auth credentials (Moderate)
  CVE-2024-31391, published for github.com/apache/solr-operator (Go) on Apr 12, 2024

tiagorlampert CHAOS vulnerable to Cross Site Scripting (Moderate)
  CVE-2024-31839, published for github.com/tiagorlampert/CHAOS (Go) on Apr 12, 2024

OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack (Moderate)
  CVE-2024-28718, published for magnum (pip) on Apr 12, 2024

timber/timber vulnerable to Deserialization of Untrusted Data (High)
  CVE-2024-29800, published for timber/timber (Composer) on Apr 12, 2024
  Credit: Sonicrrrr

Mautic vulnerable to cross-site scripting in notifications via saving Dashboards (Moderate)
  CVE-2022-25774, published for mautic/core (Composer) on Apr 12, 2024
  Credit: Vautia