GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
7,071 advisories
Filter by severity
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45853
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45851
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45852
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45854
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability
High
CVE-2024-45855
was published
for
mindsdb
(pip)
Sep 12, 2024
Refuel Autolab Eval Injection vulnerability
High
CVE-2024-27320
was published
for
refuel-autolabel
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45847
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45848
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45850
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45846
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45849
was published
for
mindsdb
(pip)
Sep 12, 2024
Refuel Autolab Eval Injection vulnerability
High
CVE-2024-27321
was published
for
refuel-autolabel
(pip)
Sep 12, 2024
Untrusted Query Object Evaluation in RPC API
High
GHSA-64f8-pjgr-9wmr
was published
for
surrealdb
(Rust)
Sep 11, 2024
dset Prototype Pollution vulnerability
High
CVE-2024-21529
was published
for
dset
(npm)
Sep 11, 2024
Session is cached for OpenID and OAuth2 if `redirect` is not used
High
CVE-2024-45596
was published
for
@directus/api
(npm)
Sep 10, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
body-parser vulnerable to denial of service when url encoding is enabled
High
CVE-2024-45590
was published
for
body-parser
(npm)
Sep 10, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
Twig has a possible sandbox bypass
High
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges
High
CVE-2024-45034
was published
for
apache-airflow
(pip)
Sep 7, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information
High
CVE-2022-46156
was published
for
github.com/grafana/synthetic-monitoring-agent
(Go)
Sep 6, 2024
HTML injection in JupyterLite leading to DOM Clobbering
High
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
ProTip!
Advisories are also available from the
GraphQL API