GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,227 advisories
ydata unsafe deserialization (High): CVE-2024-37064 was published for ydata-profiling (pip) on Jun 4, 2024
Reflected Cross-Site Scripting (XSS) in Dolibarr (Moderate): CVE-2024-34051 was published for dolibarr/dolibarr (Composer) on Jun 3, 2024
TYPO3 Cross-Site Scripting (XSS) in form component (Moderate): GHSA-5j86-5xvg-7q93 was published for typo3/cms (Composer) on Jun 3, 2024
TYPO3 Cross-Site Scripting in legacy form component (Moderate): GHSA-vgm8-r9gm-fw59 was published for typo3/cms (Composer) on Jun 3, 2024
TYPO3 Cross-Site Scripting in link validator component (Moderate): GHSA-cg4m-qjjp-7497 was published for typo3/cms (Composer) on Jun 3, 2024
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend (Moderate): GHSA-6fc6-cj2j-h22x was published for typo3/cms (Composer) on Jun 3, 2024
TYPO3 SQL Injection in dbal (High): GHSA-9895-53fc-98v2 was published for typo3/cms (Composer) on Jun 3, 2024
Cross-Site Scripting in TYPO3 component Indexed Search (Moderate): GHSA-wh8q-72cp-p5wf was published for typo3/cms (Composer) on Jun 3, 2024
TYPO3 is susceptible to Cross-Site Flashing (Moderate): GHSA-qrxh-46mr-pr7q was published for typo3/cms (Composer) on Jun 3, 2024
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend (Moderate): GHSA-5cxf-xx9j-54jc was published for typo3/cms (Composer) on Jun 3, 2024
qdrant input validation failure (Critical): CVE-2024-3829 was published for qdrant-client (pip) on Jun 3, 2024
Silverpeas authentication bypass (High): CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven) on Jun 3, 2024
SQL Injection in Harbor scan log API (Low): CVE-2024-22261 was published for github.com/goharbor/harbor (Go) on Jun 2, 2024
Open Redirect URL in Harbor (Moderate): CVE-2024-22244 was published for github.com/goharbor/harbor (Go) on Jun 2, 2024
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends (High): CVE-2024-37031 was published for activeadmin (RubyGems) on Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms (Low): CVE-2024-36119 was published for statamic/cms (Composer) on Jun 2, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 (High): CVE-2024-4990 was published for yiisoft/yii2 (Composer) on Jun 2, 2024
path traversal vulnerability was identified in the parisneo/lollms-webui (Moderate): CVE-2024-4330 was published for lollms (pip) on Jun 2, 2024
ProTip! Advisories are also available from the GraphQL API