Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

92,720 advisories

Openstack Aodh can be used to launder Keystone trusts High
CVE-2017-12440 was published for aodh (pip) May 13, 2022
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus... High Unreviewed
CVE-2024-22040 was published Mar 12, 2024
OpenStack Nova Denial of service attack on the compute host High
CVE-2017-18191 was published for nova (pip) May 13, 2022
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus... High Unreviewed
CVE-2024-22041 was published Mar 12, 2024
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All... High Unreviewed
CVE-2022-38371 was published Oct 11, 2022
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again) High
GHSA-92jh-gwch-jq38 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
alvin0319 dktapps
SvenRtbg
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to... High Unreviewed
CVE-2024-3019 was published Mar 28, 2024
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote... High Unreviewed
CVE-2018-0436 was published May 13, 2022
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-4471 was published May 23, 2024
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-5085 was published May 23, 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute... High Unreviewed
CVE-2024-4947 was published May 15, 2024
gix traversal outside working tree enables arbitrary code execution High
CVE-2024-35186 was published for gitoxide (Rust) May 22, 2024
EliahKagan Byron
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is... High Unreviewed
CVE-2024-4779 was published May 23, 2024
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds... High Unreviewed
CVE-2024-30280 was published May 23, 2024
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds... High Unreviewed
CVE-2024-30279 was published May 23, 2024
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is... High Unreviewed
CVE-2024-2038 was published May 23, 2024
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and... High Unreviewed
CVE-2024-4835 was published May 23, 2024
The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up... High Unreviewed
CVE-2024-4347 was published May 23, 2024
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up... High Unreviewed
CVE-2024-4662 was published May 23, 2024
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is... High Unreviewed
CVE-2024-4978 was published May 23, 2024
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local... High Unreviewed
CVE-2024-29853 was published May 23, 2024
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API