GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,233; Erlang 31; GitHub Actions 20; Go 1,992; Maven 5,000+; npm 3,709; NuGet 661; pip 3,346; Pub 11; RubyGems 884; Rust 846; Swift 36
Unreviewed advisories: All unreviewed 5,000+
342 advisories
Windows Print Spooler Elevation of Privilege Vulnerability (High, Unreviewed): CVE-2024-38198 was published Aug 13, 2024
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to... (High, Unreviewed): CVE-2023-38831 was published Aug 23, 2023
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... (Moderate, Unreviewed): CVE-2023-28865 was published Aug 8, 2024
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not... (Critical, Unreviewed): CVE-2024-1554 was published Feb 20, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... (High, Unreviewed): CVE-2024-7979 was published Aug 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... (High, Unreviewed): CVE-2024-7980 was published Aug 21, 2024
Ansible does not verify that the server hostname matches a domain name in certificates (High): CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... (Moderate, Unreviewed): CVE-2024-25584 was published Sep 6, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File (Moderate, Unreviewed): CVE-2024-38432 was published Jul 30, 2024
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists (High): CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
Certifi removing TrustCor root certificate (Moderate): CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
dnslib has DNS reply verification issue (High): CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
ASAR Integrity bypass via filetype confusion in electron (Moderate): CVE-2023-44402 was published for electron (npm) Dec 1, 2023
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... (High, Unreviewed): CVE-2023-28457 was published Sep 18, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... (Moderate, Unreviewed): CVE-2022-4539 was published Aug 31, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... (Moderate, Unreviewed): CVE-2024-27244 was published May 15, 2024
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper... (High, Unreviewed): CVE-2023-35906 was published Sep 5, 2023
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... (Moderate, Unreviewed): CVE-2024-23922 was published Sep 23, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik (Critical): CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
Incorrect header handling in mod-wsgi (High): CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... (Moderate, Unreviewed): CVE-2022-4533 was published Sep 19, 2024
Openstack Neutron has Insufficient Verification of IPv6 addresses (High): CVE-2021-20267 was published for neutron (pip) May 24, 2022
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end... (High, Unreviewed): CVE-2024-3051 was published Apr 27, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... (Moderate, Unreviewed): CVE-2023-6533 was published Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API.