GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,611
Erlang: 29
GitHub Actions: 16
Go: 1,698
Maven: 4,936
npm: 3,466
NuGet: 601
pip: 2,975
Pub: 10
RubyGems: 826
Rust: 767
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,354 advisories
Memory corruption when the channel ID passed by user is not validated and further used.
High · Unreviewed · CVE-2024-21476 was published May 6, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical · Unreviewed · CVE-2024-4547 was published May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical · Unreviewed · CVE-2024-4548 was published May 6, 2024
In preloader, there is a possible escalation of privilege due to an insecure default value. This...
Unknown · Unreviewed · CVE-2024-20056 was published May 6, 2024
In wlan service, there is a possible out of bounds write due to improper input validation. This...
Unknown · Unreviewed · CVE-2024-20064 was published May 6, 2024
LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This...
High · Unreviewed · CVE-2023-40515 was published May 3, 2024
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service...
Moderate · Unreviewed · CVE-2023-32170 was published May 3, 2024
An Improper input validation vulnerability that could potentially lead to privilege escalation...
Critical · Unreviewed · CVE-2024-4142 was published May 1, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High · CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in...
Moderate · Unreviewed · CVE-2024-28979 was published May 1, 2024
vyper performs incorrect topic logging in raw_log
Moderate · CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
vyper performs double eval of the slice args when buffer from adhoc locations
Moderate · CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability...
Moderate · Unreviewed · CVE-2024-4175 was published Apr 25, 2024
A crafted response from an upstream server the recursor has been configured to forward-recurse to...
High · Unreviewed · CVE-2024-25583 was published Apr 25, 2024
Heketi Arbitrary Code Execution
High · CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API...
High · Unreviewed · CVE-2024-28976 was published Apr 24, 2024
Dell Repository Manager, versions 3.4.2 through 3.4.4, contains a Path Traversal vulnerability in...
Low · Unreviewed · CVE-2024-28977 was published Apr 24, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low · CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High · Unreviewed · CVE-2024-4040 was published Apr 22, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
High · Unreviewed · CVE-2024-3646 was published Apr 19, 2024
Server receiving a malformed message to create a new connection could lead to an attacker...
High · Unreviewed · CVE-2023-5397 was published Apr 17, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate · CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue...
Moderate · Unreviewed · CVE-2023-36505 was published Apr 17, 2024
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read...
High · Unreviewed · CVE-2024-3028 was published Apr 16, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a...
Critical · Unreviewed · CVE-2024-3029 was published Apr 16, 2024
ProTip! Advisories are also available from the GraphQL API.