GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
351 advisories
Filter by severity
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Low
CVE-2024-45537
was published
for
org.apache.druid:druid
(Maven)
Sep 17, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged...
Low
Unreviewed
CVE-2023-23549
was published
Nov 15, 2023
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-4350
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1...
Low
Unreviewed
CVE-2024-24973
was published
Aug 14, 2024
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid...
Low
Unreviewed
CVE-2023-31366
was published
Aug 13, 2024
Concrete CMS Stored XSS in getAttributeSetName
Low
CVE-2024-7394
was published
for
concrete5/concrete5
(Composer)
Aug 8, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-4353
was published
for
concrete5/concrete5
(Composer)
Aug 1, 2024
Improper Input Validation of query search results for private field data in PingIDM OPENIDM ...
Low
Unreviewed
CVE-2024-23600
was published
Aug 1, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Low
CVE-2024-41945
was published
for
@fuel-ts/account
(npm)
Jul 30, 2024
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low
CVE-2024-3177
was published
for
k8s.io/kubernetes
(Go)
Apr 23, 2024
Insufficient verification vulnerability in the system sharing pop-up module
Impact: Successful...
Low
Unreviewed
CVE-2024-32989
was published
May 14, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-36226
was published
Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-26127
was published
Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-26126
was published
Jun 13, 2024
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an...
Low
Unreviewed
CVE-2023-43745
was published
May 16, 2024
httplib2 incorrectly checks SSL certificate
Low
CVE-2013-2037
was published
for
httplib2
(pip)
May 14, 2022
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in...
Low
Unreviewed
CVE-2024-28977
was published
Apr 24, 2024
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
Low
Unreviewed
CVE-2018-20873
was published
May 24, 2022
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
Low
Unreviewed
CVE-2018-20893
was published
May 24, 2022
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in...
Low
Unreviewed
CVE-2013-4558
was published
May 17, 2022
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using...
Low
Unreviewed
CVE-2022-35252
was published
Sep 25, 2022
NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input...
Low
Unreviewed
CVE-2024-0080
was published
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API