GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
221,313 advisories

Rejected reason: CVE ID issued in error. This is not a valid vulnerability.
Severity: Unknown. Unreviewed. CVE-2024-5972 was published Jun 29, 2024

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count...
Severity: Unknown. Unreviewed. CVE-2024-37370 was published Jun 29, 2024

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Severity: Moderate. Unreviewed. CVE-2024-5942 was published Jun 29, 2024

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is...
Severity: Moderate. Unreviewed. CVE-2024-25053 was published Jun 29, 2024

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout...
Severity: Moderate. Unreviewed. CVE-2024-25031 was published Jun 29, 2024

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Severity: Critical. Unreviewed. CVE-2024-5827 was published Jun 29, 2024

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
Severity: Low. Unreviewed. CVE-2024-3995 was published Jun 29, 2024

Cross-Site Request Forgery (CSRF) in stitionai/devika
Severity: High. Unreviewed. CVE-2024-5712 was published Jun 29, 2024

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but...
Severity: High. Unreviewed. CVE-2021-41688 was published Jun 29, 2022

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage...
Severity: High. Unreviewed. CVE-2024-28130 was published Apr 23, 2024

DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all...
Severity: High. Unreviewed. CVE-2021-41690 was published Jun 29, 2022

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext...
Severity: Unknown. Unreviewed. CVE-2024-5642 was published Jun 27, 2024

dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Severity: Unknown. Unreviewed. CVE-2024-34508 was published May 5, 2024

dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
Severity: Unknown. Unreviewed. CVE-2024-34509 was published May 5, 2024

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...
Severity: Unknown. Unreviewed. CVE-2024-5535 was published Jun 27, 2024

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is...
Severity: Moderate. Unreviewed. CVE-2024-25041 was published Jun 29, 2024

OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while...
Severity: Moderate. Unreviewed. CVE-2022-2121 was published Jun 25, 2022

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for...
Severity: High. Unreviewed. CVE-2021-41687 was published Jun 29, 2022

** UNSUPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an...
Severity: High. Unreviewed. CVE-2022-3007 was published Oct 31, 2023

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a...
Severity: High. Unreviewed. CVE-2015-2425 was published May 14, 2022

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers...
Severity: High. Unreviewed. CVE-2014-0546 was published May 17, 2022

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted...
Severity: Moderate. Unreviewed. CVE-2014-4123 was published May 14, 2022

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5,...
Severity: High. Unreviewed. CVE-2015-1671 was published May 14, 2022

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...
Severity: High. Unreviewed. CVE-2014-4077 was published May 14, 2022

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS...
Severity: Moderate. Unreviewed. CVE-2015-4495 was published May 14, 2022

ProTip! Advisories are also available from the GraphQL API