GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,142 advisories
Filter by severity
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing...
High
Unreviewed
CVE-2024-6090
was published
Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11...
Moderate
Unreviewed
CVE-2024-1816
was published
Jun 27, 2024
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all...
Moderate
Unreviewed
CVE-2024-4557
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5...
Moderate
Unreviewed
CVE-2024-1493
was published
Jun 27, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service
...
High
Unreviewed
CVE-2024-5013
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption...
High
Unreviewed
CVE-2024-5011
was published
Jun 25, 2024
A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due...
High
Unreviewed
CVE-2024-5216
was published
Jun 25, 2024
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by...
Unknown
Unreviewed
CVE-2023-45196
was published
Jun 24, 2024
Improper line feed handling in zenml
Moderate
CVE-2024-4460
was published
for
zenml
(pip)
Jun 24, 2024
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability...
Moderate
Unreviewed
CVE-2024-23443
was published
Jun 19, 2024
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of...
Moderate
Unreviewed
CVE-2024-5208
was published
Jun 19, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior...
Low
Unreviewed
CVE-2024-5469
was published
Jun 14, 2024
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting...
Moderate
Unreviewed
CVE-2024-1736
was published
Jun 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16...
Moderate
Unreviewed
CVE-2024-1963
was published
Jun 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to...
Moderate
Unreviewed
CVE-2024-1495
was published
Jun 13, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Due to unrestricted access to the Meta Model
Repository services in SAP NetWeaver AS Java,...
High
Unreviewed
CVE-2024-34688
was published
Jun 11, 2024
SAP NetWeaver and ABAP platform allows an
attacker to impede performance for legitimate users by...
Moderate
Unreviewed
CVE-2024-33001
was published
Jun 11, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in...
Moderate
Unreviewed
CVE-2024-3153
was published
Jun 6, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain-community
(pip)
Jun 6, 2024
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Moderate
GHSA-pmxp-7224-h794
was published
for
typo3/cms
(Composer)
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API