Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

11,250 advisories

Loading
Unsound usages of `std::slice::from_raw_parts` Low
GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) Dec 5, 2024
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a... Low Unreviewed
CVE-2024-42195 was published Dec 5, 2024
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13... Low Unreviewed
CVE-2024-54014 was published Dec 5, 2024
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type Low
GHSA-f95p-4cv5-8w8x was published for linkme (Rust) Dec 4, 2024
The Client secret is not checked when using the OAuth Password grant type. By exploiting this... Low Unreviewed
CVE-2024-12056 was published Dec 4, 2024
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project... Low Unreviewed
CVE-2024-54155 was published Dec 4, 2024
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of... Low Unreviewed
CVE-2024-54158 was published Dec 4, 2024
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible... Low Unreviewed
CVE-2024-54153 was published Dec 4, 2024
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php... Low Unreviewed
CVE-2024-53502 was published Dec 4, 2024
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can... Low Unreviewed
CVE-2024-53921 was published Dec 3, 2024
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows... Low Unreviewed
CVE-2024-49414 was published Dec 3, 2024
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows... Low Unreviewed
CVE-2024-49417 was published Dec 3, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
A security vulnerability in HPE IceWall products could be exploited remotely to cause... Low Unreviewed
CVE-2024-11856 was published Dec 2, 2024
Multiple FCNT Android devices provide the original security features such as "privacy mode" where... Low Unreviewed
CVE-2024-53701 was published Nov 29, 2024
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers... Low Unreviewed
CVE-2024-46939 was published Nov 28, 2024
When exporting media types, the password is exported in the YAML in plain text. This appears to... Low Unreviewed
CVE-2024-36464 was published Nov 27, 2024
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from... Low Unreviewed
CVE-2024-42331 was published Nov 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database