GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
240,683 advisories

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2024-28795 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This...
Moderate | Unreviewed | CVE-2024-28797 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could...
Moderate | Unreviewed | CVE-2024-31902 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2024-35119 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2023-50953 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This...
Moderate | Unreviewed | CVE-2023-50952 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify...
Moderate | Unreviewed | CVE-2024-31898 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that...
Moderate | Unreviewed | CVE-2023-50954 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This...
High | Unreviewed | CVE-2024-28798 was published Jun 30, 2024

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do...
Moderate | Unreviewed | CVE-2023-35022 was published Jun 30, 2024

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0...
Moderate | Unreviewed | CVE-2024-5062 was published Jun 30, 2024

nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd)...
Unknown | Unreviewed | CVE-2024-33600 was published May 6, 2024

nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache...
Unknown | Unreviewed | CVE-2024-33601 was published May 6, 2024

nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd)...
Unknown | Unreviewed | CVE-2024-33599 was published May 6, 2024

nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's...
Unknown | Unreviewed | CVE-2024-33602 was published May 6, 2024

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of...
Unknown | Unreviewed | CVE-2024-38441 was published Jun 16, 2024

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of...
Unknown | Unreviewed | CVE-2024-38439 was published Jun 16, 2024

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of...
Unknown | Unreviewed | CVE-2024-38440 was published Jun 16, 2024

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that...
Unknown | Unreviewed | CVE-2020-36829 was published Apr 8, 2024

Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -.
Critical | Unreviewed | CVE-2024-5926 was published Jun 30, 2024

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by...
Moderate | Unreviewed | CVE-2024-6415 was published Jun 30, 2024

A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x....
Moderate | Unreviewed | CVE-2024-6414 was published Jun 30, 2024

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file.
Unknown | Unreviewed | CVE-2024-39828 was published Jun 29, 2024

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in...
Unknown | Unreviewed | CVE-2024-39848 was published Jun 30, 2024

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it...
Unknown | Unreviewed | CVE-2024-39846 was published Jun 29, 2024

ProTip! Advisories are also available from the GraphQL API.