Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,088 advisories

Loading
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Moderate Unreviewed
CVE-2024-6702 was published Sep 12, 2024
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806... Moderate Unreviewed
CVE-2024-42903 was published Sep 3, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior... Low Unreviewed
CVE-2024-0231 was published Jul 25, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed
CVE-2023-44373 was published Nov 14, 2023
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43393 was published Sep 10, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to... High Unreviewed
CVE-2024-43388 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through... Moderate Unreviewed
CVE-2024-43389 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43390 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43392 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43391 was published Sep 10, 2024
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c... Moderate Unreviewed
CVE-2024-2881 was published Aug 30, 2024
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in... Moderate Unreviewed
CVE-2024-1545 was published Aug 30, 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to... Moderate Unreviewed
CVE-2024-8367 was published Sep 1, 2024
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or... Moderate Unreviewed
CVE-2023-6174 was published Nov 16, 2023
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2... High Unreviewed
CVE-2023-31209 was published Aug 10, 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to... Moderate Unreviewed
CVE-2024-31882 was published Aug 14, 2024
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
ProTip! Advisories are also available from the GraphQL API