GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
759 advisories
Filter by severity
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Moderate
Unreviewed
CVE-2024-6702
was published
Sep 12, 2024
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806...
Moderate
Unreviewed
CVE-2024-42903
was published
Sep 3, 2024
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior...
Low
Unreviewed
CVE-2024-0231
was published
Jul 25, 2024
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Critical
Unreviewed
CVE-2023-44373
was published
Nov 14, 2023
A low privileged remote attacker can perform configuration changes of the firewall services,...
Moderate
Unreviewed
CVE-2024-43393
was published
Sep 10, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to...
High
Unreviewed
CVE-2024-43388
was published
Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through...
Moderate
Unreviewed
CVE-2024-43389
was published
Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,...
Moderate
Unreviewed
CVE-2024-43390
was published
Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,...
Moderate
Unreviewed
CVE-2024-43392
was published
Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,...
Moderate
Unreviewed
CVE-2024-43391
was published
Sep 10, 2024
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c...
Moderate
Unreviewed
CVE-2024-2881
was published
Aug 30, 2024
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in...
Moderate
Unreviewed
CVE-2024-1545
was published
Aug 30, 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to...
Moderate
Unreviewed
CVE-2024-8367
was published
Sep 1, 2024
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or...
Moderate
Unreviewed
CVE-2023-6174
was published
Nov 16, 2023
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS...
Critical
Unreviewed
CVE-2024-42914
was published
Aug 23, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical
Unreviewed
CVE-2024-40324
was published
Jul 25, 2024
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2...
High
Unreviewed
CVE-2023-31209
was published
Aug 10, 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to...
Moderate
Unreviewed
CVE-2024-31882
was published
Aug 14, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High
Unreviewed
CVE-2024-6331
was published
Aug 4, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39227
was published
Aug 6, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6469
was published
Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6470
was published
Jul 3, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23268
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23274
was published
Mar 8, 2024
DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1...
High
Unreviewed
CVE-2020-8515
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API