GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,286
Erlang: 31
GitHub Actions: 21
Go: 2,058
Maven: 5,000+
npm: 3,742
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
11,273 advisories
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect...
Low | Unreviewed | CVE-2024-48866 was published Dec 6, 2024

A use of externally-controlled format string vulnerability has been reported to affect several...
Low | Unreviewed | CVE-2024-50402 was published Dec 6, 2024

Certifi removes GLOBALTRUST root certificate
Low | CVE-2024-39689 was published for certifi (pip) Jul 5, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7...
Low | Unreviewed | CVE-2024-23257 was published Mar 8, 2024

sigstore-java has a vulnerability with bundle verification
Low | CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
Low | Unreviewed | CVE-2024-23232 was published Mar 8, 2024

Firepad allows insecure document access
Low | CVE-2024-51210 was published for firepad (npm) Dec 4, 2024

Unsound usages of `std::slice::from_raw_parts`
Low | GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) Dec 5, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5,...
Low | Unreviewed | CVE-2023-32390 was published Jun 23, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
Low | Unreviewed | CVE-2023-32386 was published Jun 23, 2023

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Low | CVE-2018-1000186 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a...
Low | Unreviewed | CVE-2024-42195 was published Dec 5, 2024

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13...
Low | Unreviewed | CVE-2024-54014 was published Dec 5, 2024

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic....
Low | Unreviewed | CVE-2024-1703 was published Feb 21, 2024

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The...
Low | Unreviewed | CVE-2024-21105 was published Apr 17, 2024

Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php...
Low | Unreviewed | CVE-2024-53502 was published Dec 4, 2024

It was identified that in certain versions of Octopus Server, that a user created with no...
Low | Unreviewed | CVE-2024-4226 was published Apr 30, 2024

Vulnerability of null references in the motor module. Successful exploitation of this...
Low | Unreviewed | CVE-2023-52371 was published Feb 18, 2024

linkme fails to ensure slice elements match the slice's declared type
Low | GHSA-f95p-4cv5-8w8x was published for linkme (Rust) Dec 4, 2024

The Client secret is not checked when using the OAuth Password grant type. By exploiting this...
Low | Unreviewed | CVE-2024-12056 was published Dec 4, 2024

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of...
Low | Unreviewed | CVE-2024-54158 was published Dec 4, 2024

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project...
Low | Unreviewed | CVE-2024-54155 was published Dec 4, 2024

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible...
Low | Unreviewed | CVE-2024-54153 was published Dec 4, 2024

Information Disclosure in Password Reset
Low | CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can...
Low | Unreviewed | CVE-2024-53921 was published Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API