GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,678
Erlang: 29
GitHub Actions: 16
Go: 1,707
Maven: 4,940
npm: 3,471
NuGet: 603
pip: 2,993
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
92,720 advisories
Openstack Aodh can be used to launder Keystone trusts
High. CVE-2017-12440 was published for aodh (pip), May 13, 2022

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus...
High. Unreviewed. CVE-2024-22040 was published Mar 12, 2024

OpenStack Nova Denial of service attack on the compute host
High. CVE-2017-18191 was published for nova (pip), May 13, 2022

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High. CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven), Oct 17, 2018

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus...
High. Unreviewed. CVE-2024-22041 was published Mar 12, 2024

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All...
High. Unreviewed. CVE-2022-38371 was published Oct 11, 2022

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
High. GHSA-92jh-gwch-jq38 was published for pocketmine/pocketmine-mp (Composer), Sep 14, 2023

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to...
High. Unreviewed. CVE-2024-3019 was published Mar 28, 2024

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote...
High. Unreviewed. CVE-2018-0436 was published May 13, 2022

Silverstripe X-Forwarded-Host request hostname injection
High. GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer), May 23, 2024

The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object...
High. Unreviewed. CVE-2024-4471 was published May 23, 2024

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object...
High. Unreviewed. CVE-2024-5085 was published May 23, 2024

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute...
High. Unreviewed. CVE-2024-4947 was published May 15, 2024

gix traversal outside working tree enables arbitrary code execution
High. CVE-2024-35186 was published for gitoxide (Rust), May 22, 2024

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is...
High. Unreviewed. CVE-2024-4779 was published May 23, 2024

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds...
High. Unreviewed. CVE-2024-30280 was published May 23, 2024

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds...
High. Unreviewed. CVE-2024-30279 was published May 23, 2024

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is...
High. Unreviewed. CVE-2024-2038 was published May 23, 2024

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and...
High. Unreviewed. CVE-2024-4835 was published May 23, 2024

The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up...
High. Unreviewed. CVE-2024-4347 was published May 23, 2024

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up...
High. Unreviewed. CVE-2024-4662 was published May 23, 2024

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is...
High. Unreviewed. CVE-2024-4978 was published May 23, 2024

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local...
High. Unreviewed. CVE-2024-29853 was published May 23, 2024

Memory leaks in code encrypting and verifying RSA payloads
High. CVE-2024-1394 was published for github.com/golang-fips/go (Go), Mar 20, 2024

Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
High. Unreviewed. CVE-2024-29850 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API.