GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,022 advisories
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical: GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer), Jun 7, 2024

willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical: GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer), Jun 7, 2024

Zend-JSON vulnerable to XXE/XEE attacks
Critical: GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer), Jun 7, 2024

ebookmeta XML External Entity vulnerability
Critical: CVE-2024-37388 was published for ebookmeta (pip), Jun 7, 2024

ZendFramework potential XML eXternal Entity injection vectors
Critical: GHSA-mhpx-3rv8-wrjm was published for zendframework/zendframework1 (Composer), Jun 7, 2024

ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical: GHSA-qf36-fx9f-232x was published for zendframework/zendframework1 (Composer), Jun 7, 2024

ZendFramework vulnerable to XXE/XEE attacks
Critical: GHSA-f4fj-q6m4-cc52 was published for zendframework/zend-xmlrpc (Composer), Jun 7, 2024

Zendframework vulnerable to XXE/XEE attacks
Critical: GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer), Jun 7, 2024

Remote code execution in pytorch lightning
Critical: CVE-2024-5452 was published for lightning (pip), Jun 6, 2024

Arbitrary Code Execution in TYPO3 CMS
Critical: GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer), Jun 5, 2024

Missing Access Check in TYPO3 CMS
Critical: GHSA-gwfx-p7mr-f92v was published for typo3/cms (Composer), Jun 5, 2024

Files or Directories Accessible to External Parties in ProjectDiscovery
Critical: CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go), Jun 5, 2024

Jan path traversal vulnerability
Critical: CVE-2024-37273 was published for @janhq/core (npm), Jun 4, 2024

Jan path traversal vulnerability
Critical: CVE-2024-36858 was published for @janhq/core (npm), Jun 4, 2024

Unable to generate the correct character set
Critical: CVE-2024-36400 was published for nano-id (Rust), Jun 4, 2024

nano-id reduced entropy due to inadequate character set usage
Critical: GHSA-2hfw-w739-p7x5 was published for nano-id (Rust), Jun 4, 2024

qdrant input validation failure
Critical: CVE-2024-3829 was published for qdrant-client (pip), Jun 3, 2024

Silverpeas authentication bypass
Critical: CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven), Jun 3, 2024

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical: CVE-2024-3584 was published for qdrant (Rust), Jun 2, 2024

TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical: GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer), May 30, 2024

titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Critical: GHSA-q3jm-v27q-jfww was published for titon/framework (Composer), May 30, 2024

terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical: GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer), May 30, 2024

Symfony XML decoding attack vector through external entities
Critical: GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer), May 30, 2024
ProTip! Advisories are also available from the GraphQL API.