Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
ServiceNow has addressed a sensitive file read vulnerability that was identified in the... Moderate Unreviewed
CVE-2024-5178 was published Jul 10, 2024
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated,... Moderate Unreviewed
CVE-2024-20278 was published Mar 27, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols Moderate
CVE-2024-28246 was published for katex (npm) Mar 25, 2024
7085 edemaine
jupenur
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)... Moderate Unreviewed
CVE-2021-1255 was published May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)... Moderate Unreviewed
CVE-2021-1135 was published May 24, 2022
Incomplete List of Disallowed Inputs in Jenkins Moderate
CVE-2017-2602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users... Moderate Unreviewed
CVE-2016-6189 was published May 13, 2022
Incomplete List of Disallowed Inputs in Kubernetes Moderate
CVE-2021-25737 was published for k8s.io/kubernetes (Go) Sep 7, 2021
ProTip! Advisories are also available from the GraphQL API