GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
928 advisories
Filter by severity
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Moodle ReCAPTCHA can be bypassed on the login page
Moderate
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Improper Input Validation
High
CVE-2024-33999
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
silverstripe/framework has possible denial of service attack vector when flushing
High
GHSA-cwgq-83w5-8jfq
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Guard bypass in Eloquent models
Moderate
GHSA-44pg-c29v-hp6r
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-rj3w-99gc-8j58
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-cc2w-ghc5-m5qr
was published
for
illuminate/database
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Moderate
CVE-2024-30054
was published
for
Microsoft.PowerBI.JavaScript
(NuGet)
May 14, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API