GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,776 advisories
Filter by severity
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can...
Low
Unreviewed
CVE-2024-0102
was published
Aug 8, 2024
Concrete CMS Stored XSS in getAttributeSetName
Low
CVE-2024-7394
was published
for
concrete5/concrete5
(Composer)
Aug 8, 2024
CosmWasm wasmd has large address count in ValidateBasic
Low
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
Access permission verification vulnerability in the Notepad module
Impact: Successful...
Low
Unreviewed
CVE-2024-42036
was published
Aug 8, 2024
In the Linux kernel, the following vulnerability has been resolved:
spi: don't unoptimize...
Low
Unreviewed
CVE-2024-42249
was published
Aug 7, 2024
In the Linux kernel, the following vulnerability has been resolved:
filemap: replace...
Low
Unreviewed
CVE-2024-42233
was published
Aug 7, 2024
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a...
Low
Unreviewed
CVE-2024-6996
was published
Aug 6, 2024
oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low
Unreviewed
CVE-2024-7542
was published
Aug 6, 2024
oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low
Unreviewed
CVE-2024-7540
was published
Aug 6, 2024
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low
Unreviewed
CVE-2024-7537
was published
Aug 6, 2024
oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low
Unreviewed
CVE-2024-7541
was published
Aug 6, 2024
Owncast Path Traversal vulnerability
Low
CVE-2024-31450
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low
CVE-2024-41811
was published
for
ipl/web
(Composer)
Aug 5, 2024
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low
CVE-2024-42460
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-4353
was published
for
concrete5/concrete5
(Composer)
Aug 1, 2024
Improper Input Validation of query search results for private field data in PingIDM OPENIDM ...
Low
Unreviewed
CVE-2024-23600
was published
Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost did not properly restrict channel creation
Low
CVE-2024-39837
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate synced reactions
Low
CVE-2024-29977
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A...
Low
Unreviewed
CVE-2024-38489
was published
Aug 1, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1...
Low
Unreviewed
CVE-2024-4187
was published
Jul 31, 2024
A denial-of-service vulnerability could allow an authenticated user to trigger an internal...
Low
Unreviewed
CVE-2022-4003
was published
Jul 31, 2024
biscuit-auth vulnerable to public key confusion in third party block
Low
CVE-2024-41949
was published
for
biscuit-auth
(Rust)
Jul 31, 2024
ProTip!
Advisories are also available from the
GraphQL API