GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,421 advisories
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious...
Moderate | Unreviewed | CVE-2024-0158 was published Jul 2, 2024

Inadequate input validation exposes the system to potential remote code execution (RCE) risks....
Critical | Unreviewed | CVE-2023-41917 was published Jul 2, 2024

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to...
Unknown | Unreviewed | CVE-2024-39573 was published Jul 1, 2024

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection...
High | Unreviewed | CVE-2024-6376 was published Jul 1, 2024

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to...
Moderate | Unreviewed | CVE-2013-3896 was published May 14, 2022

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol...
High | Unreviewed | CVE-2010-3904 was published May 13, 2022

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a...
High | Unreviewed | CVE-2014-8361 was published May 13, 2022

Arbitrary File Creation in opencart
Moderate | CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical | Unreviewed | CVE-2024-5276 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Unknown | Unreviewed | CVE-2024-5989 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Unknown | Unreviewed | CVE-2024-5990 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Unknown | Unreviewed | CVE-2024-5988 was published Jun 25, 2024

avo possible unsafe reflection / partial DoS vulnerability
High | CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023

An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical | Unreviewed | CVE-2024-4196 was published Jun 25, 2024

SnakeYaml Constructor Deserialization Remote Code Execution
High | CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate | CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Moderate | CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may...
Moderate | Unreviewed | CVE-2023-47855 was published May 16, 2024

Apache Avro Java SDK vulnerable to Improper Input Validation
High | CVE-2023-39410 was published for avro (Maven) Sep 29, 2023

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may...
High | Unreviewed | CVE-2023-45745 was published May 16, 2024

Microsoft Word Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2023-36761 was published Sep 12, 2023

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter...
Moderate | Unreviewed | CVE-2024-6239 was published Jun 21, 2024

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow....
Unknown | Unreviewed | CVE-2024-5171 was published Jun 5, 2024

Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate | CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API.