GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9,757 advisories
Filter by severity
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an...
Low
Unreviewed
CVE-2024-6251
was published
Jun 22, 2024
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic....
Low
Unreviewed
CVE-2024-6252
was published
Jun 22, 2024
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized...
Low
Unreviewed
CVE-2023-34117
was published
Jul 11, 2023
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not...
Low
Unreviewed
CVE-2024-36066
was published
Sep 12, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7...
Low
Unreviewed
CVE-2024-6685
was published
Sep 17, 2024
Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory...
Low
Unreviewed
CVE-2024-42425
was published
Sep 10, 2024
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to...
Low
Unreviewed
CVE-2023-25546
was published
Sep 16, 2024
Improper access control in Intel(R) RAID Web Console software all versions may allow an...
Low
Unreviewed
CVE-2024-36261
was published
Sep 16, 2024
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user...
Low
Unreviewed
CVE-2024-28170
was published
Sep 16, 2024
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a...
Low
Unreviewed
CVE-2023-5081
was published
Jan 19, 2024
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background...
Low
Unreviewed
CVE-2023-5870
was published
Dec 10, 2023
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
Low
Unreviewed
CVE-2024-46970
was published
Sep 16, 2024
An improper certificate validation vulnerability has been reported to affect QuMagie. If...
Low
Unreviewed
CVE-2024-38642
was published
Sep 6, 2024
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the...
Low
Unreviewed
CVE-2024-8869
was published
Sep 16, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45617
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45616
was published
Sep 4, 2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An...
Low
Unreviewed
CVE-2024-45615
was published
Sep 4, 2024
A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This...
Low
Unreviewed
CVE-2024-6082
was published
Jun 18, 2024
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or...
Low
Unreviewed
CVE-2024-45618
was published
Sep 4, 2024
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2...
Low
Unreviewed
CVE-2024-6446
was published
Sep 12, 2024
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within...
Low
Unreviewed
CVE-2024-8011
was published
Aug 25, 2024
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior...
Low
Unreviewed
CVE-2024-0231
was published
Jul 25, 2024
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an...
Low
Unreviewed
CVE-2024-7868
was published
Aug 15, 2024
Affected versions of Octopus Server had a weak content security policy.
Low
Unreviewed
CVE-2024-1656
was published
Sep 11, 2024
Sensitive information disclosure due to excessive collection of system information. The following...
Low
Unreviewed
CVE-2023-48680
was published
Feb 27, 2024
ProTip!
Advisories are also available from the
GraphQL API