Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Apache Druid: Users can provide MySQL JDBC properties not on allow list Low
CVE-2024-45537 was published for org.apache.druid:druid (Maven) Sep 17, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-2179 was published for concrete5/concrete5 (Composer) Mar 5, 2024
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged... Low Unreviewed
CVE-2023-23549 was published Nov 15, 2023
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1... Low Unreviewed
CVE-2024-24973 was published Aug 14, 2024
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid... Low Unreviewed
CVE-2023-31366 was published Aug 13, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Concrete CMS Stored XSS in blocks of type file Low
CVE-2024-3180 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Improper Input Validation of query search results for private field data in PingIDM OPENIDM ... Low Unreviewed
CVE-2024-23600 was published Aug 1, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions Low
CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024
Torres-ssf danielbate
Dhaiwat10 petertonysmith94 maschad arboleya
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
ziviseal
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful... Low Unreviewed
CVE-2024-32989 was published May 14, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-36226 was published Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-26127 was published Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-26126 was published Jun 13, 2024
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an... Low Unreviewed
CVE-2023-43745 was published May 16, 2024
httplib2 incorrectly checks SSL certificate Low
CVE-2013-2037 was published for httplib2 (pip) May 14, 2022
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in... Low Unreviewed
CVE-2024-28977 was published Apr 24, 2024
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). Low Unreviewed
CVE-2018-20873 was published May 24, 2022
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). Low Unreviewed
CVE-2018-20893 was published May 24, 2022
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in... Low Unreviewed
CVE-2013-4558 was published May 17, 2022
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using... Low Unreviewed
CVE-2022-35252 was published Sep 25, 2022
NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input... Low Unreviewed
CVE-2024-0080 was published Apr 5, 2024
ProTip! Advisories are also available from the GraphQL API