GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,054 advisories
Filter by severity
Authz zero length regression
Critical
CVE-2024-41110
was published
for
github.com/docker/docker
(Go)
Jul 30, 2024
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Critical
CVE-2024-38529
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
Admidio has Blind SQL Injection in ecard_send.php
Critical
CVE-2024-37906
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
Volcano has insecure permissions
Critical
CVE-2024-36533
was published
for
github.com/volcano-sh/volcano
(Go)
Jul 24, 2024
CLSA Directory Traversal vulnerability
Critical
CVE-2024-28698
was published
for
Csla
(NuGet)
Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability
Critical
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
1Panel has an SQL injection issue related to the orderBy clause
Critical
CVE-2024-39907
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2024
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Critical
GHSA-q5fm-55c2-v6j9
was published
for
fiona
(pip)
Jul 16, 2024
TorrentPier Deserialization of Untrusted Data vulnerability
Critical
CVE-2024-40624
was published
for
torrentpier/torrentpier
(Composer)
Jul 15, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
github.com/gogs/gogs affected by CVE-2024-39930
Critical
CVE-2024-39930
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
Session Middleware Token Injection Vulnerability
Critical
CVE-2024-38513
was published
for
github.com/gofiber/fiber
(Go)
Jul 1, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty.
Critical
CVE-2024-38993
was published
for
jsonic
(npm)
Jul 1, 2024
•
withdrawn
Gin mishandles a wildcard at the end of an origin string
Critical
CVE-2019-25211
was published
for
github.com/gin-contrib/cors
(Go)
Jun 29, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
ProTip!
Advisories are also available from the
GraphQL API