Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

124 advisories

Loading
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2... Low Unreviewed
CVE-2024-4099 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),... Critical Unreviewed
CVE-2024-7873 was published Sep 17, 2024
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been... Moderate Unreviewed
CVE-2024-8297 was published Aug 29, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
Windows App Installer Spoofing Vulnerability High Unreviewed
CVE-2024-38177 was published Aug 13, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6... Moderate Unreviewed
CVE-2024-6329 was published Aug 8, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-26289 was published Jul 30, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header... Moderate Unreviewed
CVE-2024-39736 was published Jul 15, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... High Unreviewed
CVE-2024-27629 was published Jun 29, 2024
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server... High Unreviewed
CVE-2024-4177 was published Jun 6, 2024
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Unknown Unreviewed
CVE-2024-4420 was published May 21, 2024
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a... High Unreviewed
CVE-2024-1064 was published Feb 3, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to... Critical Unreviewed
CVE-2023-47143 was published Feb 2, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1... Moderate Unreviewed
CVE-2024-0987 was published Jan 29, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed... Low Unreviewed
CVE-2024-22229 was published Jan 24, 2024
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected... Moderate Unreviewed
CVE-2023-7234 was published Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly... Moderate Unreviewed
CVE-2024-0233 was published Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not... Moderate Unreviewed
CVE-2023-6005 was published Jan 16, 2024
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization,... Moderate Unreviewed
CVE-2023-42183 was published Dec 15, 2023
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized... Low Unreviewed
CVE-2023-26279 was published Nov 24, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape... Critical Unreviewed
CVE-2023-38316 was published Nov 17, 2023
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow... Moderate Unreviewed
CVE-2023-4393 was published Oct 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database