Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,530 advisories

Laravel Encrypter Failure to decryption vulnerability Low
GHSA-6wjw-qf87-fv5v was published for illuminate/encryption (Composer) May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive Low
GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This... Low Unreviewed
CVE-2024-3487 was published May 15, 2024
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead... Low Unreviewed
CVE-2023-5937 was published May 15, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Low Unreviewed
CVE-2024-33583 was published May 14, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36... Low Unreviewed
CVE-2024-32637 was published May 14, 2024
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an... Low Unreviewed
CVE-2024-33007 was published May 14, 2024
SAP Bank Account Management does not perform necessary authorization check for an authorized user... Low Unreviewed
CVE-2024-33000 was published May 14, 2024
Memory handling issue in editcap could cause denial of service via crafted capture file Low Unreviewed
CVE-2024-4853 was published May 14, 2024
Use after free issue in editcap could cause denial of service via crafted capture file Low Unreviewed
CVE-2024-4855 was published May 14, 2024
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an... Low Unreviewed
CVE-2024-4317 was published May 14, 2024
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page Low
GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) May 14, 2024 withdrawn
Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful... Low Unreviewed
CVE-2024-32989 was published May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload... Low Unreviewed
CVE-2023-47711 was published May 14, 2024
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel Low
CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024
thelounge may publicly disclose of all usernames/idents via port 113 Low
GHSA-g49q-jw42-6x85 was published for thelounge (npm) May 9, 2024
Juerd
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage... Low Unreviewed
CVE-2024-28971 was published May 8, 2024
ProTip! Advisories are also available from the GraphQL API