GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,076
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
221,267 advisories
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2...
Unknown | Unreviewed | CVE-2024-36059 was published Jun 28, 2024

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject...
Unknown | Unreviewed | CVE-2023-52892 was published Jun 28, 2024

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code,...
Unknown | Unreviewed | CVE-2024-39705 was published Jun 28, 2024

PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Critical | Unreviewed | CVE-2024-6071 was published Jun 28, 2024

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate...
Unknown | Unreviewed | CVE-2016-20022 was published Jun 28, 2024

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on...
Unknown | Unreviewed | CVE-2024-4395 was published Jun 28, 2024

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext...
Unknown | Unreviewed | CVE-2024-5642 was published Jun 27, 2024

netplan leaks the private key of wireguard to local users. A security fix will be released soon.
Moderate | Unreviewed | CVE-2022-4968 was published Jun 7, 2024

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests...
High | Unreviewed | CVE-2021-3560 was published Feb 17, 2022

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to...
High | Unreviewed | CVE-2023-3079 was published Jun 6, 2023

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting...
High | Unreviewed | CVE-2023-36884 was published Jul 11, 2023

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to...
High | Unreviewed | CVE-2023-2033 was published Apr 14, 2023

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol...
High | Unreviewed | CVE-2010-3904 was published May 13, 2022

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search...
Critical | Unreviewed | CVE-2021-44026 was published May 24, 2022

linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a...
Moderate | Unreviewed | CVE-2020-35730 was published May 24, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical | Unreviewed | CVE-2023-27350 was published Apr 20, 2023

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a...
High | Unreviewed | CVE-2014-8361 was published May 13, 2022

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY ...
Moderate | Unreviewed | CVE-2004-1464 was published Apr 29, 2022

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,...
High | Unreviewed | CVE-2016-0165 was published May 14, 2022

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Unknown | Unreviewed | CVE-2024-36072 was published Jun 27, 2024

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Unknown | Unreviewed | CVE-2024-36075 was published Jun 27, 2024

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Unknown | Unreviewed | CVE-2024-36074 was published Jun 27, 2024

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical | Unreviewed | CVE-2024-2973 was published Jun 27, 2024

A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a...
Unknown | Unreviewed | CVE-2024-39132 was published Jun 27, 2024

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Unknown | Unreviewed | CVE-2024-36073 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API.