Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,532 advisories

github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. Low Unreviewed
CVE-2024-29852 was published May 23, 2024
A flaw was found in the libssh implements abstract layer for message digest (MD) operations... Low Unreviewed
CVE-2023-6918 was published Dec 19, 2023
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit... Low Unreviewed
CVE-2023-6004 was published Jan 3, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor Low
GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
Django vulnerable to Denial of Service via i18n middleware component Low
CVE-2007-5712 was published for Django (pip) May 1, 2022
MarkLee131
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
Buildah (as part of Podman) vulnerable to Path Traversal Low
CVE-2022-4123 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be Low
GHSA-xg2h-wx96-xgxr was published for github.com/Masterminds/goutils (Go) May 21, 2021
neild
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page Low
GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) May 14, 2024 withdrawn
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0... Low Unreviewed
CVE-2024-5137 was published May 20, 2024
A vulnerability classified as problematic has been found in PHPGurukul Directory Management... Low Unreviewed
CVE-2024-5136 was published May 20, 2024
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator... Low Unreviewed
CVE-2015-5742 was published May 14, 2022
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse. Low
GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects... Low Unreviewed
CVE-2024-5044 was published May 17, 2024
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality... Low Unreviewed
CVE-2024-32708 was published May 17, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in... Low Unreviewed
CVE-2024-4214 was published May 17, 2024
ProTip! Advisories are also available from the GraphQL API