GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
135 advisories
Filter by severity
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Critical
GHSA-jw42-5m4v-9c8g
was published
for
NuGet.CommandLine
(NuGet)
Jan 9, 2024
•
withdrawn
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Critical
CVE-2023-49291
was published
for
tj-actions/branch-names
(GitHub Actions)
Dec 5, 2023
CSRF Token Reuse Vulnerability
Critical
CVE-2023-45128
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
Apache StreamPark Improper Input Validation vulnerability
Critical
CVE-2022-46365
was published
for
org.apache.streampark:streampark
(Maven)
Jul 6, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal
Critical
CVE-2023-35797
was published
for
apache-airflow-providers-apache-hive
(pip)
Jul 3, 2023
Ckan remote code execution and private information access via crafted resource ids
Critical
CVE-2023-32321
was published
for
ckan
(pip)
May 24, 2023
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation
Critical
CVE-2022-47937
was published
for
org.apache.sling:org.apache.sling.commons.json
(Maven)
May 15, 2023
Django bypasses validation when using one form field to upload multiple files
Critical
CVE-2023-31047
was published
for
Django
(pip)
May 7, 2023
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Apache Airflow Google Provider Improper Input Validation vulnerability
Critical
CVE-2023-25691
was published
for
apache-airflow-providers-google
(pip)
Feb 24, 2023
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Critical
CVE-2023-25693
was published
for
apache-airflow-providers-apache-sqoop
(pip)
Feb 24, 2023
Apache Airflow Hive Provider Improper Input Validation vulnerability
Critical
CVE-2023-25696
was published
for
apache-airflow-providers-apache-hive
(pip)
Feb 24, 2023
Publify Improper Input Validation vulnerability
Critical
CVE-2023-0299
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Apache DolphinScheduler vulnerable to Improper Input Validation
Critical
CVE-2022-45875
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Jan 4, 2023
Apache Karaf vulnerable to potential code injection
Critical
CVE-2022-40145
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2022
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
ProTip!
Advisories are also available from the
GraphQL API