GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,770 advisories
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic....
Low | Unreviewed | CVE-2024-7216 was published Jul 30, 2024

ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low | CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024

Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Low | CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7537 was published Aug 6, 2024

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7540 was published Aug 6, 2024

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7541 was published Aug 6, 2024

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7542 was published Aug 6, 2024

Owncast Path Traversal vulnerability
Low | CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024

biscuit-java vulnerable to public key confusion in third party block
Low | CVE-2024-41948 was published for org.biscuitsec:biscuit (Maven) Jul 31, 2024

biscuit-auth vulnerable to public key confusion in third party block
Low | CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024

Elliptic allows BER-encoded signatures
Low | CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024

Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low | CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024

Elliptic's EDDSA missing signature length check
Low | CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024

Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low | CVE-2024-32152 was published for anki (pip) Jul 22, 2024

Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low | CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk®...
Low | Unreviewed | CVE-2024-6326 was published Jul 16, 2024

@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low | CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024

1Panel's password verification is suspected to have a timing attack vulnerability
Low | CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024

Artifex Ghostscript before 10.0.3.0 has a heap-based pointer disclosure (observable in a...
Low | Unreviewed | CVE-2024-29508 was published Jul 3, 2024

Concrete CMS vulnerable to Stored Cross-site Scripting
Low | CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024

Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly...
Low | Unreviewed | CVE-2024-32673 was published Jul 3, 2024

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user...
Low | Unreviewed | CVE-2024-31870 was published Jun 15, 2024

Improper Input Validation of query search results for private field data in PingIDM OPENIDM ...
Low | Unreviewed | CVE-2024-23600 was published Aug 1, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in...
Low | Unreviewed | CVE-2024-40777 was published Jul 30, 2024

libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers...
Low | Unreviewed | CVE-2024-6874 was published Jul 24, 2024