GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,078 advisories
Filter by severity
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability
Critical
GHSA-8rxm-6783-qh55
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
•
withdrawn
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical
CVE-2024-9486
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical
GHSA-rc7v-65v6-m2v3
was published
for
github.com/go-mysql-org/go-mysql
(Go)
Oct 28, 2024
•
withdrawn
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Critical
CVE-2024-51501
was published
for
Refit
(NuGet)
Nov 4, 2024
Incomplete validation in boosted trees code
Critical
CVE-2021-41208
was published
for
tensorflow
(pip)
Nov 10, 2021
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
Langchain SQL Injection vulnerability
Critical
CVE-2023-32785
was published
for
langchain
(pip)
Oct 21, 2023
happy-dom allows for server side code to be executed by a <script> tag
Critical
CVE-2024-51757
was published
for
happy-dom
(npm)
Nov 6, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical
CVE-2024-10082
was published
for
codechecker
(pip)
Nov 6, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
CVE-2023-32197
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
PaddlePaddle vulnerable to Code Injection
Critical
CVE-2022-46742
was published
for
paddlepaddle
(pip)
Dec 7, 2022
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Duplicate Advisory: Permissive Regular Expression in tacquito
Critical
GHSA-j42f-wc6v-5xpq
was published
for
github.com/tacquito/tacquito
(Go)
Oct 17, 2024
•
withdrawn
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical
CVE-2024-9264
was published
for
github.com/grafana/grafana
(Go)
Oct 18, 2024
DOMPurify vulnerable to tampering by prototype polution
Critical
CVE-2024-48910
was published
for
dompurify
(npm)
Oct 31, 2024
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Out of bounds access in tensorflow-lite
Critical
CVE-2020-15212
was published
for
tensorflow
(pip)
Sep 25, 2020
PEAR::Archive_Tar Directory Traversal vulnerability
Critical
CVE-2006-0931
was published
for
pear/archive_tar
(Composer)
May 1, 2022
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Critical
CVE-2024-47883
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request
Critical
CVE-2024-49768
was published
for
waitress
(pip)
Oct 29, 2024
ProTip!
Advisories are also available from the
GraphQL API