Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
bastianwegge sixcolors
gaby ReneWerner87 efectn
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection Critical
CVE-2023-49291 was published for tj-actions/branch-names (GitHub Actions) Dec 5, 2023
AdnaneKhan R3x
CSRF Token Reuse Vulnerability Critical
CVE-2023-45128 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
rere61 sixcolors
the-hotmann gaby efectn ReneWerner87
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution Critical
CVE-2023-39532 was published for ses (npm) Aug 9, 2023
corrideat
Apache StreamPark Improper Input Validation vulnerability Critical
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven) Jul 6, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
Ckan remote code execution and private information access via crafted resource ids Critical
CVE-2023-32321 was published for ckan (pip) May 24, 2023
YoloClin
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation Critical
CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) May 15, 2023
Django bypasses validation when using one form field to upload multiple files Critical
CVE-2023-31047 was published for Django (pip) May 7, 2023
CairoSVG improperly processes SVG files loaded from external resources Critical
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
Apache Airflow Sqoop Provider Improper Input Validation vulnerability Critical
CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
Apache Airflow Hive Provider Improper Input Validation vulnerability Critical
CVE-2023-25696 was published for apache-airflow-providers-apache-hive (pip) Feb 24, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Apache DolphinScheduler vulnerable to Improper Input Validation Critical
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
Apache Karaf vulnerable to potential code injection Critical
CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2022
xmldom allows multiple root nodes in a DOM Critical
CVE-2022-39353 was published for @xmldom/xmldom (npm) Nov 1, 2022
frumioj karfau
kurt-r2c
ProTip! Advisories are also available from the GraphQL API