GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,599
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,828
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
29,402 advisories
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Severity: Low. GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) on May 17, 2024.

nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Severity: High. GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer) on May 17, 2024.

Flow Swift Mailer package Remote code execution
Severity: Critical. GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) on May 17, 2024.

Cross-site Scripting vulnerabilities in Neos
Severity: High. GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) on May 17, 2024.

Privilege Escalation in TYPO3 Neos
Severity: Moderate. GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) on May 17, 2024.

Time-Based Information Disclosure Vulnerability in Flow
Severity: Moderate. GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) on May 17, 2024.

Neos Information Disclosure Security Note
Severity: High. GHSA-3c5g-73f7-grvm was published for neos/neos (Composer) on May 17, 2024.

Neos Flow Information disclosure in entity security
Severity: Moderate. GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) on May 17, 2024.

Neos Flow Arbitrary file upload and XML External Entity processing
Severity: Moderate. GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) on May 17, 2024.

Insecure deserialize Vulnerability in FLOW3
Severity: Low. GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) on May 17, 2024.

namshi/jose - Verification bypass
Severity: Critical. GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) on May 17, 2024.

namshi/jose insecure JSON Web Signatures (JWS)
Severity: High. GHSA-hxhc-wmg8-xrqf was published for namshi/jose (Composer) on May 17, 2024.

Submariner Operator sets unnecessary RBAC permissions
Severity: Moderate. CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) on May 17, 2024.

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Severity: Critical. CVE-2024-5023 was published for consoleme (pip) on May 16, 2024.

njwt Prototype Pollution vulnerability
Severity: High. CVE-2024-34273 was published for njwt (npm) on May 16, 2024.

Denial of service of Minder Server with attacker-controlled REST endpoint
Severity: Moderate. CVE-2024-35185 was published for github.com/stacklok/minder (Go) on May 16, 2024.

REXML contains a denial of service vulnerability
Severity: Moderate. CVE-2024-35176 was published for rexml (RubyGems) on May 16, 2024.

Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Severity: High. CVE-2024-4642 was published for wandb (pip) on May 16, 2024 (withdrawn).

RunGptLLM class in LlamaIndex has a command injection
Severity: High. CVE-2024-4181 was published for llama-index (pip) on May 16, 2024.

MLflow allows low privilege users to delete any artifact
Severity: Moderate. CVE-2024-4263 was published for mlflow (pip) on May 16, 2024.

MLflow has a Local File Read/Path Traversal bypass
Severity: High. CVE-2024-3848 was published for mlflow (pip) on May 16, 2024.

LoLLMS Command Injection vulnerability
Severity: High. CVE-2024-4078 was published for lollms (pip) on May 16, 2024.

Monolog Header injection in NativeMailerHandler
Severity: Low. GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) on May 15, 2024.

Magento RCE,XSS and other vulnerabilities
Severity: Critical. GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) on May 15, 2024.

Magento Cross-Site Scripting (XSS) vulnerability
Severity: Moderate. GHSA-mcfc-67vm-j568 was published for magento/community-edition (Composer) on May 15, 2024.
ProTip! Advisories are also available from the GraphQL API.