Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use... Moderate Unreviewed
CVE-2024-42158 was published Jul 30, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
robmry akerouanton
neersighted gabriellavengeo cibofo
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44100 was published Oct 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44104 was published Oct 11, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... Critical Unreviewed
CVE-2023-31114 was published Jun 7, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... High Unreviewed
CVE-2023-31115 was published Jun 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in... Moderate Unreviewed
CVE-2023-22950 was published Apr 13, 2023
Elrond-GO processing: fallback search of SCRs when not found in the main cache High
CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go) Dec 30, 2022
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Critical Unreviewed
CVE-2022-4446 was published Dec 13, 2022
parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An... High Unreviewed
CVE-2022-31233 was published Sep 1, 2022
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls Moderate
CVE-2022-35916 was published for @openzeppelin/contracts (npm) Aug 14, 2022
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow... High Unreviewed
CVE-2022-30236 was published Jun 3, 2022
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low... High Unreviewed
CVE-2021-24602 was published May 24, 2022
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can... Moderate Unreviewed
CVE-2021-34574 was published May 24, 2022
Firefox used to cache the last filename used for printing a file. When generating a filename for... Moderate Unreviewed
CVE-2021-29960 was published May 24, 2022
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4... High Unreviewed
CVE-2021-22900 was published May 24, 2022
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass... High Unreviewed
CVE-2021-21531 was published May 24, 2022
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A... Moderate Unreviewed
CVE-2021-21544 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another... High Unreviewed
CVE-2021-20411 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control... Moderate Unreviewed
CVE-2020-27268 was published May 24, 2022
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user... Critical Unreviewed
CVE-2020-24683 was published May 24, 2022
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a... High Unreviewed
CVE-2020-15892 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database