GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
snapd failed to properly check the destination of symbolic links when extracting a snap
Low
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
High
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This...
Moderate
Unreviewed
CVE-2024-5823
was published
Oct 29, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to...
Critical
Unreviewed
CVE-2023-5716
was published
Jan 19, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Moderate
CVE-2024-7625
was published
for
github.com/hashicorp/nomad
(Go)
Aug 15, 2024
Local privilege escalation during installation due to improper soft link handling. The following...
High
Unreviewed
CVE-2022-46869
was published
Aug 31, 2023
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code...
High
Unreviewed
CVE-2024-45826
was published
Sep 12, 2024
In certain highly specific configurations of the host system and MongoDB server binary...
Moderate
Unreviewed
CVE-2024-8207
was published
Aug 27, 2024
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-7911
was published
Aug 18, 2024
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute...
Moderate
Unreviewed
CVE-2024-6079
was published
Aug 13, 2024
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an...
Moderate
Unreviewed
CVE-2024-28962
was published
Aug 6, 2024
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during...
High
Unreviewed
CVE-2024-6717
was published
Jul 23, 2024
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Moderate
Unreviewed
CVE-2024-38049
was published
Jul 9, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Moodle External Control of File Name or Path vulnerability
Moderate
CVE-2023-30943
was published
for
moodle/moodle
(Composer)
May 2, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics...
High
Unreviewed
CVE-2022-42734
was published
Jul 6, 2023
An access issue was addressed with additional sandbox restrictions. This issue is fixed in...
Critical
Unreviewed
CVE-2019-7290
was published
May 24, 2022
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation...
High
Unreviewed
CVE-2022-43513
was published
Jan 10, 2023
On affected Wago products an remote attacker with administrative privileges can access files to...
Low
Unreviewed
CVE-2023-4089
was published
Oct 17, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open...
High
Unreviewed
CVE-2023-32615
was published
Sep 5, 2023
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall...
Moderate
Unreviewed
CVE-2023-35838
was published
Aug 10, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with...
Moderate
Unreviewed
CVE-2023-37856
was published
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API