GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,653
Erlang: 29
GitHub Actions: 16
Go: 1,706
Maven: 4,938
npm: 3,471
NuGet: 603
pip: 2,985
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,530 advisories
Laravel Encrypter Failure to decryption vulnerability
Low • GHSA-6wjw-qf87-fv5v was published for illuminate/encryption (Composer) May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive
Low • GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This...
Low • Unreviewed • CVE-2024-3487 was published May 15, 2024
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead...
Low • Unreviewed • CVE-2023-5937 was published May 15, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low • GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 • withdrawn
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low • CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
containerd started with non-empty inheritable Linux process capabilities
Low • GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used
Low • CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
sshproxy vulnerable to SSH option injection
Low • CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low • CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Low • Unreviewed • CVE-2024-33583 was published May 14, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36...
Low • Unreviewed • CVE-2024-32637 was published May 14, 2024
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an...
Low • Unreviewed • CVE-2024-33007 was published May 14, 2024
SAP Bank Account Management does not perform necessary authorization check for an authorized user...
Low • Unreviewed • CVE-2024-33000 was published May 14, 2024
Memory handling issue in editcap could cause denial of service via crafted capture file
Low • Unreviewed • CVE-2024-4853 was published May 14, 2024
Use after free issue in editcap could cause denial of service via crafted capture file
Low • Unreviewed • CVE-2024-4855 was published May 14, 2024
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an...
Low • Unreviewed • CVE-2024-4317 was published May 14, 2024
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page
Low • GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) May 14, 2024 • withdrawn
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful...
Low • Unreviewed • CVE-2024-32989 was published May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload...
Low • Unreviewed • CVE-2023-47711 was published May 14, 2024
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low • GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low • CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Low • CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024
thelounge may publicly disclose of all usernames/idents via port 113
Low • GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage...
Low • Unreviewed • CVE-2024-28971 was published May 8, 2024
ProTip! Advisories are also available from the GraphQL API