GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,678
Erlang: 29
GitHub Actions: 16
Go: 1,707
Maven: 4,940
npm: 3,471
NuGet: 603
pip: 2,993
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
237,273 advisories
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker...
Unknown | Unreviewed | CVE-2024-27631 was published Apr 8, 2024

Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate | CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024

Apache Airflow exposes arbitrary file content
Moderate | CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in...
Moderate | Unreviewed | CVE-2021-3975 was published Aug 24, 2022

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels...
Moderate | Unreviewed | CVE-2021-3631 was published Mar 4, 2022

A file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to...
Critical | Unreviewed | CVE-2023-46808 was published Mar 31, 2024

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth...
Moderate | Unreviewed | CVE-2023-24023 was published Nov 28, 2023

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as...
Low | Unreviewed | CVE-2024-0942 was published Jan 26, 2024

The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel...
High | Unreviewed | CVE-2017-16525 was published May 14, 2022

A division-by-zero error on some AMD processors can potentially return speculative data...
Moderate | Unreviewed | CVE-2023-20588 was published Aug 8, 2023

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is...
Critical | Unreviewed | CVE-2023-38545 was published Oct 18, 2023

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the...
Moderate | Unreviewed | CVE-2017-8806 was published May 17, 2022

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat...
Critical | Unreviewed | CVE-2023-41724 was published Mar 31, 2024

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1...
Moderate | Unreviewed | CVE-2024-20814 was published Feb 6, 2024

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905....
Moderate | Unreviewed | CVE-2024-0569 was published Jan 16, 2024

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It...
Moderate | Unreviewed | CVE-2021-3667 was published Mar 4, 2022

Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware...
High | Unreviewed | CVE-2024-2741 was published Apr 11, 2024

Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a...
Unknown | Unreviewed | CVE-2024-25572 was published Apr 11, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite...
Moderate | Unreviewed | CVE-2024-3617 was published Apr 11, 2024

Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive:...
Moderate | Unreviewed | CVE-2024-27985 was published Apr 11, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This...
Moderate | Unreviewed | CVE-2024-27967 was published Apr 11, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-27991 was published Apr 11, 2024

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for...
Unknown | Unreviewed | CVE-2024-29220 was published Apr 11, 2024

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite...
Moderate | Unreviewed | CVE-2024-3618 was published Apr 11, 2024

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue...
Moderate | Unreviewed | CVE-2023-27607 was published Apr 11, 2024

ProTip! Advisories are also available from the GraphQL API