GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,769 advisories
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel....
Low | Unreviewed | CVE-2024-39886 was published Jul 10, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4...
Low | Unreviewed | CVE-2024-5470 was published Jul 11, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11...
Low | Unreviewed | CVE-2024-2880 was published Jul 11, 2024

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint...
Low | Unreviewed | CVE-2024-23194 was published Jul 11, 2024

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor....
Low | Unreviewed | CVE-2024-22477 was published Jul 10, 2024

A potential JSON injection attack vector exists in PingFederate REST API data stores using the...
Low | Unreviewed | CVE-2024-21832 was published Jul 10, 2024

Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low | GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled...
Low | Unreviewed | CVE-2024-6501 was published Jul 9, 2024

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy...
Low | Unreviewed | CVE-2024-26015 was published Jul 9, 2024

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if...
Low | Unreviewed | CVE-2023-38546 was published Oct 18, 2023

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low | Unreviewed | CVE-2024-35777 was published Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low | Unreviewed | CVE-2024-37442 was published Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low | Unreviewed | CVE-2024-37253 was published Jul 9, 2024

Due to missing verification of file type or content, SAP Enable Now allows an authenticated...
Low | Unreviewed | CVE-2024-34692 was published Jul 9, 2024

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Low | GHSA-vjg6-93fv-qv64 was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024

Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Low | GHSA-pm3m-32r3-7mfh was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024

Container build can leak any path on the host into the container
Low | GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022

Certifi removes GLOBALTRUST root certificate
Low | CVE-2024-39689 was published for certifi (pip) Jul 5, 2024

yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Low | GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024

containerd started with non-empty inheritable Linux process capabilities
Low | GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024...
Low | Unreviewed | CVE-2024-34602 was published Jul 8, 2024

sshproxy vulnerable to SSH option injection
Low | CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS...
Low | Unreviewed | CVE-2024-37234 was published Jul 6, 2024

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores...
Low | Unreviewed | CVE-2024-40594 was published Jul 6, 2024

Etcd pkg Insecure ciphers are allowed by default
Low | GHSA-5x4g-q5rc-36jp was published for go.etcd.io/etcd/client/pkg/v3 (Go) Feb 3, 2024