Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,421 advisories

Loading
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious... Moderate Unreviewed
CVE-2024-0158 was published Jul 2, 2024
Inadequate input validation exposes the system to potential remote code execution (RCE) risks.... Critical Unreviewed
CVE-2023-41917 was published Jul 2, 2024
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to... Unknown Unreviewed
CVE-2024-39573 was published Jul 1, 2024
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection... High Unreviewed
CVE-2024-6376 was published Jul 1, 2024
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to... Moderate Unreviewed
CVE-2013-3896 was published May 14, 2022
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol... High Unreviewed
CVE-2010-3904 was published May 13, 2022
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a... High Unreviewed
CVE-2014-8361 was published May 13, 2022
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed
CVE-2024-5276 was published Jun 25, 2024
Due to an improper input validation, an unauthenticated threat actor can send a malicious message... Unknown Unreviewed
CVE-2024-5989 was published Jun 25, 2024
Due to an improper input validation, an unauthenticated threat actor can send a malicious message... Unknown Unreviewed
CVE-2024-5990 was published Jun 25, 2024
Due to an improper input validation, an unauthenticated threat actor can send a malicious message... Unknown Unreviewed
CVE-2024-5988 was published Jun 25, 2024
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
An improper input validation vulnerability was discovered in Avaya IP Office that could allow... Critical Unreviewed
CVE-2024-4196 was published Jun 25, 2024
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd westonsteimel
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may... Moderate Unreviewed
CVE-2023-47855 was published May 16, 2024
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may... High Unreviewed
CVE-2023-45745 was published May 16, 2024
Improper Input Validation in pip Moderate
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
Microsoft Word Information Disclosure Vulnerability Moderate Unreviewed
CVE-2023-36761 was published Sep 12, 2023
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter... Moderate Unreviewed
CVE-2024-6239 was published Jun 21, 2024
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow.... Unknown Unreviewed
CVE-2024-5171 was published Jun 5, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service Moderate
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
ProTip! Advisories are also available from the GraphQL API