GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,622 advisories
Filter by severity
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Low
CVE-2024-36287
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as...
Low
Unreviewed
CVE-2024-6056
was published
Jun 17, 2024
SQL Injection in Harbor scan log API
Low
CVE-2024-22261
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
evmos allows transferring unvested tokens after delegations
Low
CVE-2024-32873
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user...
Low
Unreviewed
CVE-2024-31870
was published
Jun 15, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This...
Low
Unreviewed
CVE-2024-30119
was published
Jun 15, 2024
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application.
Low
Unreviewed
CVE-2024-30120
was published
Jun 15, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
Insufficient verification vulnerability in the system sharing pop-up module
Impact: Successful...
Low
Unreviewed
CVE-2024-32989
was published
May 14, 2024
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior...
Low
Unreviewed
CVE-2024-5469
was published
Jun 14, 2024
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is...
Low
Unreviewed
CVE-2024-3073
was published
Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-36226
was published
Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-26127
was published
Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-26126
was published
Jun 13, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Keycloak Denial of Service via account lockout
Low
GHSA-cq42-vhv7-xr7p
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
A stored cross site scripting vulnerability exists in Tenable Security Center where an...
Low
Unreviewed
CVE-2024-1891
was published
Jun 12, 2024
A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a...
Low
Unreviewed
CVE-2024-5203
was published
Jun 12, 2024
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is
stored in...
Low
Unreviewed
CVE-2024-28024
was published
Jun 11, 2024
A low severity vulnerability in BIPS has been identified where an attacker with high privileges...
Low
Unreviewed
CVE-2024-5812
was published
Jun 11, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Low
Unreviewed
CVE-2024-26246
was published
Mar 15, 2024
Keycloak DoS via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting...
Low
Unreviewed
CVE-2024-21754
was published
Jun 11, 2024
ProTip!
Advisories are also available from the
GraphQL API