Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,176
Erlang
28
GitHub Actions
16
Go
1,602
Maven
4,910
npm
3,436
NuGet
594
pip
2,670
Pub
10
RubyGems
821
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

17,842 advisories

social-auth-app-djangon affected by Improper Handling of Case Sensitivity Moderate
CVE-2024-32879 was published for social-auth-app-django (pip) Apr 24, 2024
nijel
CosmWasm affected by arithmetic overflows Low
GHSA-8724-5xmm-w5xq was published for cosmwasm-std (Rust) Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Umbraco Workflow's Backoffice users can execute arbitrary SQL Moderate
CVE-2024-32872 was published for Plumber.Workflow (NuGet) Apr 24, 2024
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881 Moderate
GHSA-vjwg-28gv-pm8h was published for pimcore/pimcore (Composer) Apr 24, 2024
GAL-CS
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
Hugo Markdown titles do not escaped in internal render hooks Moderate
CVE-2024-32875 was published for github.com/gohugoio/hugo (Go) Apr 23, 2024
ejona86
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function High
CVE-2024-32866 was published for @conform-to/dom (npm) Apr 23, 2024
key-moon
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
cg vulnerable to an Open Redirect Vulnerability on Referer Header Moderate
GHSA-w228-rfpx-fhm4 was published for cg (pip) Apr 23, 2024
aydinnyunus
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases Moderate
GHSA-rqgv-292v-5qgr was published for renovate (npm) Apr 23, 2024
meyfa
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno Moderate
CVE-2024-32869 was published for hono (npm) Apr 23, 2024
y0d3n
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
dbt uses a SQLparse version with a high vulnerability High
GHSA-p72q-h37j-3hq7 was published for dbt-core (pip) Apr 22, 2024
DanMawdsleyBA
Sylius Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-29376 was published for sylius/sylius (Composer) Apr 22, 2024
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities Moderate
CVE-2022-24769 was published for github.com/docker/docker (Go) Apr 22, 2024
AndrewGMorgan
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE High
GHSA-qmmm-73r2-f8xr was published for @hoppscotch/cli (npm) Apr 22, 2024
oskar-zeinomahmalat-sonarsource mufeedvh
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction High
CVE-2024-32480 was published for librenms/librenms (Composer) Apr 22, 2024
sco4x0
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337
LibreNMS vulnerable to SQL injection time-based leads to database extraction High
CVE-2024-32461 was published for librenms/librenms (Composer) Apr 22, 2024
Louhan-dev
ProTip! Advisories are also available from the GraphQL API