Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,442
NuGet
594
pip
2,828
Pub
10
RubyGems
823
Rust
763
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,296 advisories

An Improper input validation vulnerability that could potentially lead to privilege escalation... Critical Unreviewed
CVE-2024-4142 was published May 1, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation High
CVE-2023-36821 was published for uptime-kuma (npm) May 1, 2024
n-thumann
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in... Moderate Unreviewed
CVE-2024-28979 was published May 1, 2024
vyper performs incorrect topic logging in raw_log Moderate
CVE-2024-32645 was published for vyper (pip) Apr 25, 2024
chen-robert
vyper performs double eval of the slice args when buffer from adhoc locations Moderate
CVE-2024-32646 was published for vyper (pip) Apr 25, 2024
cyberthirst
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability... Moderate Unreviewed
CVE-2024-4175 was published Apr 25, 2024
A crafted response from an upstream server the recursor has been configured to forward-recurse to... High Unreviewed
CVE-2024-25583 was published Apr 25, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in... Low Unreviewed
CVE-2024-28977 was published Apr 24, 2024
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API... High Unreviewed
CVE-2024-28976 was published Apr 24, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed
CVE-2024-4040 was published Apr 22, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... High Unreviewed
CVE-2024-3646 was published Apr 19, 2024
Server receiving a malformed message to create a new connection could lead to an attacker... High Unreviewed
CVE-2023-5397 was published Apr 17, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue... Moderate Unreviewed
CVE-2023-36505 was published Apr 17, 2024
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read... High Unreviewed
CVE-2024-3028 was published Apr 16, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a... Critical Unreviewed
CVE-2024-3029 was published Apr 16, 2024
A specific malformed fragmented packet type (fragmented packets may be generated automatically... High Unreviewed
CVE-2024-3493 was published Apr 16, 2024
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the... High Unreviewed
CVE-2024-2424 was published Apr 16, 2024
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper... High Unreviewed
CVE-2024-29838 was published Apr 15, 2024
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of... Moderate Unreviewed
CVE-2024-21590 was published Apr 12, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with... Moderate Unreviewed
CVE-2024-1481 was published Apr 10, 2024
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to... High Unreviewed
CVE-2024-3385 was published Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API