GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
10,906 advisories
Filter by severity
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to...
Low
Unreviewed
CVE-2024-44114
was published
Sep 10, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8372
was published
for
angular
(npm)
Sep 9, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing...
Low
Unreviewed
CVE-2024-8042
was published
Sep 9, 2024
A vulnerability has been identified in Node.js, affecting users of the experimental permission...
Low
Unreviewed
CVE-2024-36137
was published
Sep 7, 2024
An improper restriction of excessive authentication attempts vulnerability has been reported to...
Low
Unreviewed
CVE-2024-32771
was published
Sep 6, 2024
An improper certificate validation vulnerability has been reported to affect QuMagie. If...
Low
Unreviewed
CVE-2024-38642
was published
Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited,...
Low
Unreviewed
CVE-2024-27125
was published
Sep 6, 2024
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when...
Low
Unreviewed
CVE-2024-6792
was published
Sep 6, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low
CVE-2024-45395
was published
for
github.com/sigstore/sigstore-go
(Go)
Sep 4, 2024
A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 1.5.5. It has been...
Low
Unreviewed
CVE-2024-8417
was published
Sep 4, 2024
Flask-AppBuilder's login form allows browser to cache sensitive fields
Low
CVE-2024-45314
was published
for
flask-appbuilder
(pip)
Sep 4, 2024
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1...
Low
Unreviewed
CVE-2024-34649
was published
Sep 4, 2024
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows...
Low
Unreviewed
CVE-2024-34640
was published
Sep 4, 2024
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB...
Low
Unreviewed
CVE-2024-45620
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45619
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45615
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45616
was published
Sep 4, 2024
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or...
Low
Unreviewed
CVE-2024-45618
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45617
was published
Sep 4, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
runc can be confused to create empty files/directories on the host
Low
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and...
Low
Unreviewed
CVE-2023-7279
was published
Sep 2, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject...
Low
Unreviewed
CVE-2024-38858
was published
Sep 2, 2024
ProTip!
Advisories are also available from the
GraphQL API