Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

92,277 advisories

Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG... High Unreviewed
CVE-2024-32049 was published May 8, 2024
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an... High Unreviewed
CVE-2024-3951 was published May 8, 2024
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic... High Unreviewed
CVE-2024-33608 was published May 8, 2024
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note:... High Unreviewed
CVE-2024-26026 was published May 8, 2024
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client ... High Unreviewed
CVE-2024-28883 was published May 8, 2024
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP... High Unreviewed
CVE-2024-31156 was published May 8, 2024
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note:... High Unreviewed
CVE-2024-21793 was published May 8, 2024
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic... High Unreviewed
CVE-2024-25560 was published May 8, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability High
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects... High Unreviewed
CVE-2024-31270 was published May 8, 2024
Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from... High Unreviewed
CVE-2024-1438 was published May 8, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag High
CVE-2024-34346 was published for deno (Rust) May 8, 2024
mmastrac
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-34553 was published May 8, 2024
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through... High Unreviewed
CVE-2024-3507 was published May 8, 2024
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE... High Unreviewed
CVE-2024-4438 was published May 8, 2024
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE... High Unreviewed
CVE-2024-4437 was published May 8, 2024
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE... High Unreviewed
CVE-2024-4436 was published May 8, 2024
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with... High Unreviewed
CVE-2024-22264 was published May 8, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a... High Unreviewed
CVE-2024-1929 was published May 8, 2024
ProTip! Advisories are also available from the GraphQL API