Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20,093 advisories

Loading
Ansible vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-8775 was published for ansible-core (pip) Sep 16, 2024
Lunary Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-6862 was published for lunary (npm) Sep 13, 2024
Lunary information disclosure vulnerability Moderate
CVE-2024-6867 was published for lunary (npm) Sep 13, 2024
Lunary improper access control vulnerability Moderate
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
Lunary Improper Authentication vulnerability Moderate
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024
LiteLLM Server-Side Request Forgery (SSRF) vulnerability High
CVE-2024-6587 was published for litellm (pip) Sep 13, 2024
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webmvc (Maven) Sep 13, 2024
Malayke
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
Cleanlab Deserialization of Untrusted Data vulnerability High
CVE-2024-45857 was published for cleanlab (pip) Sep 12, 2024
MindsDB Cross-site Scripting vulnerability Moderate
CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45855 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45854 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45853 was published for mindsdb (pip) Sep 12, 2024
MindsDB Deserialization of Untrusted Data vulnerability High
CVE-2024-45852 was published for mindsdb (pip) Sep 12, 2024
Refuel Autolab Eval Injection vulnerability High
CVE-2024-27321 was published for refuel-autolabel (pip) Sep 12, 2024
Refuel Autolab Eval Injection vulnerability High
CVE-2024-27320 was published for refuel-autolabel (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45847 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45850 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45846 was published for mindsdb (pip) Sep 12, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs Moderate
GHSA-rjc6-vm4h-85cg was published for aws-sam-cli (pip) Sep 11, 2024
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token Moderate
GHSA-635v-pc42-fr74 was published for sagemaker-training (pip) Sep 11, 2024
ProTip! Advisories are also available from the GraphQL API