Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,694 advisories

Loading
Mattermost Desktop App allows for bypassing TCC restrictions on macOS Low
CVE-2024-36287 was published for mattermost-desktop (npm) Jun 14, 2024
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior... Low Unreviewed
CVE-2024-5469 was published Jun 14, 2024
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is... Low Unreviewed
CVE-2024-3073 was published Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-36226 was published Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-26127 was published Jun 13, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-26126 was published Jun 13, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Keycloak Denial of Service via account lockout Low
GHSA-cq42-vhv7-xr7p was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Keycloak's improper input validation allows using email as username Low
GHSA-4vc8-pg5c-vg4x was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
A stored cross site scripting vulnerability exists in Tenable Security Center where an... Low Unreviewed
CVE-2024-1891 was published Jun 12, 2024
A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a... Low Unreviewed
CVE-2024-5203 was published Jun 12, 2024
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in... Low Unreviewed
CVE-2024-28024 was published Jun 11, 2024
A low severity vulnerability in BIPS has been identified where an attacker with high privileges... Low Unreviewed
CVE-2024-5812 was published Jun 11, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting... Low Unreviewed
CVE-2024-21754 was published Jun 11, 2024
A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected... Low Unreviewed
CVE-2023-38533 was published Jun 11, 2024
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated... Low Unreviewed
CVE-2024-34684 was published Jun 11, 2024
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in... Low Unreviewed
CVE-2024-27845 was published Jun 10, 2024
The issue was addressed by restricting options offered on a locked device. This issue is fixed in... Low Unreviewed
CVE-2024-27819 was published Jun 10, 2024
This issue was addressed through improved state management. This issue is fixed in watchOS 10.5.... Low Unreviewed
CVE-2024-27814 was published Jun 10, 2024
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma... Low Unreviewed
CVE-2024-27799 was published Jun 10, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode... Low Unreviewed
CVE-2024-35749 was published Jun 10, 2024
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20. Low Unreviewed
CVE-2024-30512 was published Jun 9, 2024
zenml-io/zenml does not expire the session after password reset Low
CVE-2024-4680 was published for zenml (pip) Jun 8, 2024
ProTip! Advisories are also available from the GraphQL API