GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,108
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,664
NuGet: 642
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
10,929 advisories
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Low
Unreviewed
CVE-2024-47951
was published
Oct 8, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
Low
Unreviewed
CVE-2024-47950
was published
Oct 8, 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in...
Low
Unreviewed
CVE-2024-33506
was published
Oct 8, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft...
Low
Unreviewed
CVE-2024-8518
was published
Oct 8, 2024
Use of implicit intent for sensitive communication in translation in Samsung Internet prior to...
Low
Unreviewed
CVE-2024-34671
was published
Oct 8, 2024
in OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DOS through improper input.
Low
Unreviewed
CVE-2024-43697
was published
Oct 8, 2024
in OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DOS by memory leak.
Low
Unreviewed
CVE-2024-43696
was published
Oct 8, 2024
in OpenHarmony v4.1.0 and prior versions allow a local attacker to cause DOS through out-of-bounds...
Low
Unreviewed
CVE-2024-45382
was published
Oct 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2024-43687
was published
Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2024-43686
was published
Oct 4, 2024
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick...
Low
Unreviewed
CVE-2024-41511
was published
Oct 4, 2024
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line...
Low
Unreviewed
CVE-2024-0124
was published
Oct 3, 2024
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line...
Low
Unreviewed
CVE-2024-0123
was published
Oct 3, 2024
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line...
Low
Unreviewed
CVE-2024-0125
was published
Oct 3, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
Contao allows an admin account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low
CVE-2024-45964
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
Slim Select has potential Cross-site Scripting issue
Low
CVE-2024-9440
was published
for
slim-select
(npm)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Low
CVE-2024-47526
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could...
Low
Unreviewed
CVE-2024-30132
was published
Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API