Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,358
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,995 advisories

Loading
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev Credited to GAP-dev and SCH227 SCH227 SCH227
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type Moderate
CVE-2024-27087 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
LangChain Experimental vulnerable to arbitrary code execution Critical
CVE-2024-27444 was published for langchain-experimental (pip) Feb 26, 2024
Rack CORS Middleware has Insecure File Permissions Moderate
CVE-2024-27456 was published for rack-cors (RubyGems) Feb 26, 2024
guiferrpereira Credited to guiferrpereira and joaomarcos96 joaomarcos96 joaomarcos96
pretix mishandles file validation Moderate
CVE-2024-27447 was published for pretix (pip) Feb 26, 2024
orjson does not limit recursion for deeply nested JSON documents High
CVE-2024-27454 was published for orjson (pip) Feb 26, 2024
Apache Camel data exposure vulnerability Low
CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) Feb 26, 2024
rsrikanth11 Credited to rsrikanth11
langchain Server-Side Request Forgery vulnerability Low
CVE-2024-0243 was published for langchain (pip) Feb 26, 2024
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate
CVE-2024-26481 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
Kirby vulnerable to unrestricted file upload of user avatar images Moderate
CVE-2024-26483 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd Credited to oscerd and krassowski krassowski krassowski
Uninitialized Variable in fastecdsa High
CVE-2024-21502 was published for fastecdsa (pip) Feb 24, 2024
Cross-site Scripting in MLFlow Critical
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd Credited to oscerd and gabby202308 gabby202308 gabby202308
Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider Credited to iarspider
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider Credited to iarspider
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users High
CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024
westonsteimel Credited to westonsteimel
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi Credited to yoshizawa-masatoshi
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
Gradio apps vulnerable to timing attacks to guess password Moderate
CVE-2024-1729 was published for gradio (pip) Feb 22, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya Credited to isacaya
pypqc private key retrieval vulnerability High
GHSA-rc4p-p3j9-6577 was published for pypqc (pip) Feb 22, 2024
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs Credited to sh-at-cs
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository Moderate
GHSA-fvv5-h29g-f6w5 was published for github.com/treeverse/lakefs (Go) Feb 22, 2024
arielshaqed Credited to arielshaqed
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database