GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
287 advisories
Filter by severity
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: fix error...
Moderate
Unreviewed
CVE-2024-36481
was published
Jun 21, 2024
socket.io has an unhandled 'error' event
High
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
LNbits improperly handles potential network and payment failures when using Eclair backend
High
CVE-2024-34694
was published
for
lnbits
(pip)
Jun 17, 2024
Directus is soft-locked by providing a string value to random string util
High
CVE-2024-36128
was published
for
directus
(npm)
Jun 4, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an...
Low
Unreviewed
CVE-2023-38420
was published
May 16, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is...
High
Unreviewed
CVE-2024-3052
was published
Apr 27, 2024
Mattermost crashes web clients via a malformed custom status
Moderate
CVE-2024-4182
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address...
Moderate
Unreviewed
CVE-2024-30402
was published
Apr 12, 2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key...
High
Unreviewed
CVE-2024-30397
was published
Apr 12, 2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding...
Moderate
Unreviewed
CVE-2024-30384
was published
Apr 12, 2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of...
Moderate
Unreviewed
CVE-2024-30409
was published
Apr 12, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
In the Linux kernel, the following vulnerability has been resolved:
i2c: validate user data in...
Low
Unreviewed
CVE-2021-46934
was published
Feb 27, 2024
In the Linux kernel, the following vulnerability has been resolved:
ARM: footbridge: fix PCI...
Moderate
Unreviewed
CVE-2021-46909
was published
Feb 27, 2024
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and...
Moderate
Unreviewed
CVE-2023-6640
was published
Feb 21, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in...
Moderate
Unreviewed
CVE-2023-52429
was published
Feb 12, 2024
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to...
Moderate
Unreviewed
CVE-2024-25739
was published
Feb 12, 2024
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of...
High
Unreviewed
CVE-2023-6874
was published
Feb 5, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Moderate
CVE-2024-23650
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API