GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
D-Tale Command Execution Vulnerability
Moderate
CVE-2024-8862
was published
for
dtale
(pip)
Sep 16, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
CVE-2024-45302
was published
for
RestSharp
(NuGet)
Aug 29, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
dbt has an implicit override for built-in materializations from installed packages
Moderate
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate
CVE-2024-39863
was published
for
apache-airflow
(pip)
Jul 17, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate
GHSA-gff2-p6vm-3p8g
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities
Moderate
GHSA-mg7h-9qfx-4r83
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
RDoc RCE vulnerability with .rdoc_options
Moderate
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
pyload Log Injection vulnerability
Moderate
CVE-2024-21645
was published
for
pyload-ng
(pip)
Jan 8, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
PostCSS line return parsing error
Moderate
CVE-2023-44270
was published
for
postcss
(npm)
Sep 30, 2023
Kiali content spoofing vulnerability
Moderate
CVE-2022-3962
was published
for
github.com/kiali/kiali
(Go)
Sep 23, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Moderate
CVE-2023-36830
was published
for
sqlfluff
(pip)
Jul 6, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
Abstrium Pydio Cells Resource Injection vulnerability
Moderate
CVE-2023-2980
was published
for
github.com/pydio/cells/v4
(Go)
May 30, 2023
vm2 vulnerable to Inspect Manipulation
Moderate
CVE-2023-32313
was published
for
vm2
(npm)
May 17, 2023
ProTip!
Advisories are also available from the
GraphQL API