Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4,821 advisories

Loading
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation... Moderate Unreviewed
CVE-2024-25970 was published May 14, 2024
A low privileged remote attacker... Moderate Unreviewed
CVE-2024-28135 was published May 14, 2024
Permission verification vulnerability in the system sharing pop-up module Impact: Successful... Moderate Unreviewed
CVE-2024-32990 was published May 14, 2024
A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine ... Moderate Unreviewed
CVE-2024-32672 was published May 14, 2024
 An improper authorization level has been detected in the login panel. It may lead to... Moderate Unreviewed
CVE-2023-7240 was published May 7, 2024
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service... Moderate Unreviewed
CVE-2023-32170 was published May 3, 2024
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit,... Moderate Unreviewed
CVE-2024-31965 was published May 2, 2024
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in... Moderate Unreviewed
CVE-2024-28979 was published May 1, 2024
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
vyper performs double eval of the slice start/length args in certain cases Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability... Moderate Unreviewed
CVE-2024-4175 was published Apr 25, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue... Moderate Unreviewed
CVE-2023-36505 was published Apr 17, 2024
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of... Moderate Unreviewed
CVE-2024-21590 was published Apr 12, 2024
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with... Moderate Unreviewed
CVE-2024-1481 was published Apr 10, 2024
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to... Moderate Unreviewed
CVE-2024-3101 was published Apr 10, 2024
mysql2 cache poisoning vulnerability Moderate
CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Windows rndismp6.sys Remote Code Execution Vulnerability Moderate Unreviewed
CVE-2024-26253 was published Apr 9, 2024
Secure Boot Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-28897 was published Apr 9, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache Zeppelin: Denial of service with invalid notebook name Moderate
CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability Moderate
CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
In vsp driver, there is a possible missing verification incorrect input. This could lead to local... Moderate Unreviewed
CVE-2023-52535 was published Apr 8, 2024
ProTip! Advisories are also available from the GraphQL API