GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,028
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,157
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
244,472 advisories
Apache Superset server arbitrary file read
Moderate · CVE-2024-34693 was published for apache-superset (pip) · Jun 20, 2024

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Moderate · GHSA-rvj4-q8q5-8grf was published for github.com/traefik/traefik/v2 (Go) · Jun 20, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a...
High · Unreviewed · CVE-2024-39881 was published · Jul 10, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to...
High · Unreviewed · CVE-2024-39880 was published · Jul 10, 2024

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High · CVE-2024-38095 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) · Jul 9, 2024

zipp Denial of Service vulnerability
Moderate · CVE-2024-5569 was published for zipp (pip) · Jul 9, 2024

Undertow Missing Release of Memory after Effective Lifetime vulnerability
Moderate · CVE-2024-3653 was published for io.undertow:undertow-core (Maven) · Jul 9, 2024

A denial-of-service attack is possible through the execution functionality of KNIME Business Hub...
High · Unreviewed · CVE-2024-6598 was published · Jul 9, 2024

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows...
Critical · Unreviewed · CVE-2024-6527 was published · Jul 9, 2024

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured...
High · Unreviewed · CVE-2023-40702 was published · Jul 9, 2024

Gogs allows argument injection during the previewing of changes
Critical · CVE-2024-39932 was published for github.com/gogs/gogs (Go) · Jul 4, 2024

Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High · CVE-2024-38081 was published for Microsoft.IO.Redist (NuGet) · Jul 9, 2024

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
High · CVE-2024-35264 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) · Jul 9, 2024

ZITADEL Vulnerable to Session Information Leakage
Moderate · CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) · Jul 5, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a...
High · Unreviewed · CVE-2024-39882 was published · Jul 10, 2024

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet...
High · Unreviewed · CVE-2024-5634 was published · Jul 9, 2024

Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0...
High · Unreviewed · CVE-2024-32670 was published · Jul 10, 2024

Undici vulnerable to data leak when using response.arrayBuffer()
Low · CVE-2024-38372 was published for undici (npm) · Jul 9, 2024

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to...
High · Unreviewed · CVE-2024-39883 was published · Jul 10, 2024

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High · CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) · Jul 5, 2024

zerovec-derive incorrectly uses `#[repr(packed)]`
Moderate · GHSA-74r5-g7vc-j2v2 was published for zerovec-derive (Rust) · Jul 8, 2024

panic on parsing crafted phonenumber inputs
High · CVE-2024-39697 was published for phonenumber (Rust) · Jul 9, 2024

Server Side Request Forgery (SSRF) attack in Fedify
High · CVE-2024-39687 was published for @fedify/fedify (npm) · Jul 5, 2024

Spring Cloud Function Framework vulnerable to Denial of Service
High · CVE-2024-22271 was published for org.springframework.cloud:spring-cloud-function-context (Maven) · Jul 9, 2024

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA...
High · Unreviewed · CVE-2023-40356 was published · Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API.