Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

237,273 advisories

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker... Unknown Unreviewed
CVE-2024-27631 was published Apr 8, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in... Moderate Unreviewed
CVE-2021-3975 was published Aug 24, 2022
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels... Moderate Unreviewed
CVE-2021-3631 was published Mar 4, 2022
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to... Critical Unreviewed
CVE-2023-46808 was published Mar 31, 2024
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth... Moderate Unreviewed
CVE-2023-24023 was published Nov 28, 2023
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as... Low Unreviewed
CVE-2024-0942 was published Jan 26, 2024
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel... High Unreviewed
CVE-2017-16525 was published May 14, 2022
A division-by-zero error on some AMD processors can potentially return speculative data... Moderate Unreviewed
CVE-2023-20588 was published Aug 8, 2023
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is... Critical Unreviewed
CVE-2023-38545 was published Oct 18, 2023
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the... Moderate Unreviewed
CVE-2017-8806 was published May 17, 2022
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat... Critical Unreviewed
CVE-2023-41724 was published Mar 31, 2024
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1... Moderate Unreviewed
CVE-2024-20814 was published Feb 6, 2024
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905.... Moderate Unreviewed
CVE-2024-0569 was published Jan 16, 2024
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It... Moderate Unreviewed
CVE-2021-3667 was published Mar 4, 2022
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware... High Unreviewed
CVE-2024-2741 was published Apr 11, 2024
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a... Unknown Unreviewed
CVE-2024-25572 was published Apr 11, 2024
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite... Moderate Unreviewed
CVE-2024-3617 was published Apr 11, 2024
Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive:... Moderate Unreviewed
CVE-2024-27985 was published Apr 11, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This... Moderate Unreviewed
CVE-2024-27967 was published Apr 11, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2024-27991 was published Apr 11, 2024
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for... Unknown Unreviewed
CVE-2024-29220 was published Apr 11, 2024
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite... Moderate Unreviewed
CVE-2024-3618 was published Apr 11, 2024
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue... Moderate Unreviewed
CVE-2023-27607 was published Apr 11, 2024
ProTip! Advisories are also available from the GraphQL API