Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-42125 was published May 3, 2024
Directus has MySQL accent insensitive email matching High
CVE-2024-27295 was published for directus (npm) Mar 1, 2024
c53julian
Docassemble unauthorized access through URL manipulation High
CVE-2024-27292 was published for docassemble.base (pip) Feb 29, 2024
richighimi
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar thenameisajay
dloetzke
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
luigigubello plexus
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of... Critical Unreviewed
CVE-2022-30258 was published Nov 22, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of... Critical Unreviewed
CVE-2022-30257 was published Nov 22, 2022
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary... Moderate Unreviewed
CVE-2022-30621 was published Jul 19, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when... High Unreviewed
CVE-2022-27778 was published Jun 3, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37212 was published May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed
CVE-2021-37214 was published May 24, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,... High Unreviewed
CVE-2021-22924 was published May 24, 2022
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink()... Critical Unreviewed
CVE-2021-37144 was published May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2021-35337 was published May 24, 2022
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations,... Moderate Unreviewed
CVE-2021-32054 was published May 24, 2022
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the... Moderate Unreviewed
CVE-2020-4719 was published May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An... Moderate Unreviewed
CVE-2020-35566 was published May 24, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10... High Unreviewed
CVE-2020-15505 was published May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles... High Unreviewed
CVE-2020-12279 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API