Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

11,250 advisories

Loading
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-52831 was published Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-43755 was published Dec 11, 2024
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted... Low Unreviewed
CVE-2024-54050 was published Dec 10, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted... Low Unreviewed
CVE-2024-54051 was published Dec 10, 2024
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions... Low Unreviewed
CVE-2024-53245 was published Dec 10, 2024
Simulation of Wasmd message can cause crashing Low
GHSA-vmg2-r3xv-r3xf was published for github.com/CosmWasm/wasmd (Go) Dec 10, 2024
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information... Low Unreviewed
CVE-2024-47577 was published Dec 10, 2024
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL... Low Unreviewed
CVE-2024-47576 was published Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an... Low Unreviewed
CVE-2024-12174 was published Dec 10, 2024
lxd CA certificate sign check bypass Low
CVE-2024-6156 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
User credentials (login & password) are inserted into log files when a user tries to authenticate... Low Unreviewed
CVE-2024-12057 was published Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting... Low Unreviewed
CVE-2023-28168 was published Dec 9, 2024
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly... Low Unreviewed
CVE-2023-23825 was published Dec 9, 2024
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord,... Low Unreviewed
CVE-2023-24375 was published Dec 9, 2024
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting... Low Unreviewed
CVE-2023-23814 was published Dec 9, 2024
Insufficient validation of filenames against control characters in Apache Subversion repositories... Low Unreviewed
CVE-2024-46901 was published Dec 9, 2024
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
oskar-zeinomahmalat-sonarsource reidbaker
stuartmorgan
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect... Low Unreviewed
CVE-2024-48866 was published Dec 6, 2024
A use of externally-controlled format string vulnerability has been reported to affect several... Low Unreviewed
CVE-2024-50402 was published Dec 6, 2024
A use of externally-controlled format string vulnerability has been reported to affect several... Low Unreviewed
CVE-2024-50403 was published Dec 6, 2024
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database