GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
4,821 advisories
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation...
Moderate | Unreviewed | CVE-2024-25970 was published May 14, 2024

Permission verification vulnerability in the system sharing pop-up module Impact: Successful...
Moderate | Unreviewed | CVE-2024-32990 was published May 14, 2024

A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine ...
Moderate | Unreviewed | CVE-2024-32672 was published May 14, 2024

An improper authorization level has been detected in the login panel. It may lead to...
Moderate | Unreviewed | CVE-2023-7240 was published May 7, 2024

Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service...
Moderate | Unreviewed | CVE-2023-32170 was published May 3, 2024

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit,...
Moderate | Unreviewed | CVE-2024-31965 was published May 2, 2024

Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in...
Moderate | Unreviewed | CVE-2024-28979 was published May 1, 2024

vyper performs incorrect topic logging in raw_log
Moderate | CVE-2024-32645 was published for vyper (pip) Apr 25, 2024

vyper performs double eval of the slice start/length args in certain cases
Moderate | CVE-2024-32646 was published for vyper (pip) Apr 25, 2024

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability...
Moderate | Unreviewed | CVE-2024-4175 was published Apr 25, 2024

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate | CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue...
Moderate | Unreviewed | CVE-2023-36505 was published Apr 17, 2024

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of...
Moderate | Unreviewed | CVE-2024-21590 was published Apr 12, 2024

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with...
Moderate | Unreviewed | CVE-2024-1481 was published Apr 10, 2024

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to...
Moderate | Unreviewed | CVE-2024-3101 was published Apr 10, 2024

mysql2 cache poisoning vulnerability
Moderate | CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024

Apache Zeppelin: LDAP search filter query Injection Vulnerability
Moderate | CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024

Windows rndismp6.sys Remote Code Execution Vulnerability
Moderate | Unreviewed | CVE-2024-26253 was published Apr 9, 2024

Secure Boot Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2024-28897 was published Apr 9, 2024

Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate | CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024

Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate | CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024

Apache Zeppelin: Denial of service with invalid notebook name
Moderate | CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024

Apache Zeppelin Path Traversal vulnerability
Moderate | CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024

In vsp driver, there is a possible missing verification incorrect input. This could lead to local...
Moderate | Unreviewed | CVE-2023-52535 was published Apr 8, 2024

ProTip! Advisories are also available from the GraphQL API