GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,442
NuGet
594
pip
2,828
Pub
10
RubyGems
823
Rust
763
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,296 advisories
Filter by severity
An Improper input validation vulnerability that could potentially lead to privilege escalation...
Critical
Unreviewed
CVE-2024-4142
was published
May 1, 2024
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High
CVE-2023-36821
was published
for
uptime-kuma
(npm)
May 1, 2024
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in...
Moderate
Unreviewed
CVE-2024-28979
was published
May 1, 2024
vyper performs incorrect topic logging in raw_log
Moderate
CVE-2024-32645
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the slice args when buffer from adhoc locations
Moderate
CVE-2024-32646
was published
for
vyper
(pip)
Apr 25, 2024
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability...
Moderate
Unreviewed
CVE-2024-4175
was published
Apr 25, 2024
A crafted response from an upstream server the recursor has been configured to forward-recurse to...
High
Unreviewed
CVE-2024-25583
was published
Apr 25, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in...
Low
Unreviewed
CVE-2024-28977
was published
Apr 24, 2024
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API...
High
Unreviewed
CVE-2024-28976
was published
Apr 24, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low
CVE-2024-3177
was published
for
k8s.io/kubernetes
(Go)
Apr 23, 2024
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High
Unreviewed
CVE-2024-4040
was published
Apr 22, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
High
Unreviewed
CVE-2024-3646
was published
Apr 19, 2024
Server receiving a malformed message to create a new connection could lead to an attacker...
High
Unreviewed
CVE-2023-5397
was published
Apr 17, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Moderate
CVE-2023-6717
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue...
Moderate
Unreviewed
CVE-2023-36505
was published
Apr 17, 2024
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read...
High
Unreviewed
CVE-2024-3028
was published
Apr 16, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a...
Critical
Unreviewed
CVE-2024-3029
was published
Apr 16, 2024
A specific malformed fragmented packet type (fragmented packets may be generated automatically...
High
Unreviewed
CVE-2024-3493
was published
Apr 16, 2024
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the...
High
Unreviewed
CVE-2024-2424
was published
Apr 16, 2024
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper...
High
Unreviewed
CVE-2024-29838
was published
Apr 15, 2024
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of...
Moderate
Unreviewed
CVE-2024-21590
was published
Apr 12, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
Critical
Unreviewed
CVE-2024-3400
was published
Apr 12, 2024
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with...
Moderate
Unreviewed
CVE-2024-1481
was published
Apr 10, 2024
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to...
High
Unreviewed
CVE-2024-3385
was published
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API