Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,028
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,157
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

244,472 advisories

Loading
Apache Superset server arbitrary file read Moderate
CVE-2024-34693 was published for apache-superset (pip) Jun 20, 2024
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability Moderate
GHSA-rvj4-q8q5-8grf was published for github.com/traefik/traefik/v2 (Go) Jun 20, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a... High Unreviewed
CVE-2024-39881 was published Jul 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to... High Unreviewed
CVE-2024-39880 was published Jul 10, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability High
CVE-2024-38095 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability Moderate
CVE-2024-3653 was published for io.undertow:undertow-core (Maven) Jul 9, 2024
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub... High Unreviewed
CVE-2024-6598 was published Jul 9, 2024
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows... Critical Unreviewed
CVE-2024-6527 was published Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured... High Unreviewed
CVE-2023-40702 was published Jul 9, 2024
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability High
CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) Jul 9, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability High
CVE-2024-35264 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer livio-a
fforootd Avolicious AmirhoseinBrz srividyaj
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a... High Unreviewed
CVE-2024-39882 was published Jul 10, 2024
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet... High Unreviewed
CVE-2024-5634 was published Jul 9, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0... High Unreviewed
CVE-2024-32670 was published Jul 10, 2024
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes KhafraDev
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to... High Unreviewed
CVE-2024-39883 was published Jul 10, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
zerovec-derive incorrectly uses `#[repr(packed)]` Moderate
GHSA-74r5-g7vc-j2v2 was published for zerovec-derive (Rust) Jul 8, 2024
hikiko4ern
panic on parsing crafted phonenumber inputs High
CVE-2024-39697 was published for phonenumber (Rust) Jul 9, 2024
rubdos
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Spring Cloud Function Framework vulnerable to Denial of Service High
CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA... High Unreviewed
CVE-2023-40356 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API