GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,622 advisories
Filter by severity
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low
Unreviewed
CVE-2024-21336
was published
Jan 26, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low
Unreviewed
CVE-2024-21383
was published
Jan 26, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36...
Low
Unreviewed
CVE-2024-26276
was published
Apr 9, 2024
A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected...
Low
Unreviewed
CVE-2023-38533
was published
Jun 11, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36...
Low
Unreviewed
CVE-2024-26277
was published
Apr 9, 2024
On Unix, SAP BusinessObjects Business
Intelligence Platform (Scheduling) allows an authenticated...
Low
Unreviewed
CVE-2024-34684
was published
Jun 11, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Low
CVE-2021-41089
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
zenml-io/zenml does not expire the session after password reset
Low
CVE-2024-4680
was published
for
zenml
(pip)
Jun 8, 2024
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode...
Low
Unreviewed
CVE-2024-35749
was published
Jun 10, 2024
Use after free issue in editcap could cause denial of service via crafted capture file
Low
Unreviewed
CVE-2024-4855
was published
May 14, 2024
Memory handling issue in editcap could cause denial of service via crafted capture file
Low
Unreviewed
CVE-2024-4853
was published
May 14, 2024
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.
Low
Unreviewed
CVE-2024-30512
was published
Jun 9, 2024
A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue...
Low
Unreviewed
CVE-2024-5766
was published
Jun 8, 2024
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both...
Low
Unreviewed
CVE-2024-3166
was published
Jun 6, 2024
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low
Unreviewed
CVE-2024-5307
was published
Jun 6, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820,...
Low
Unreviewed
CVE-2023-50803
was published
Jun 5, 2024
Typo3 Information Disclosure in Page Tree
Low
GHSA-h934-f4m4-wc8x
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Information Disclosure in TYPO3 CMS
Low
GHSA-c7p6-3c9c-f88q
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries
Low
GHSA-4m3g-6r7g-jv4f
was published
for
gradio_pdf
(pip)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API