Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

270 advisories

Loading
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing... Moderate Unreviewed
CVE-2024-52548 was published Dec 3, 2024
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a... Moderate Unreviewed
CVE-2022-33861 was published Nov 25, 2024
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they... Critical Unreviewed
CVE-2024-11666 was published Nov 25, 2024
Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege... High Unreviewed
CVE-2024-8356 was published Nov 23, 2024
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-4699 was published Nov 6, 2023
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data... Moderate Unreviewed
CVE-2024-47254 was published Nov 5, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
Insufficient verification of data authenticity in the configuration state machine may allow a... Low Unreviewed
CVE-2023-20570 was published Feb 13, 2024
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to... High Unreviewed
CVE-2024-7847 was published Oct 14, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional... Moderate Unreviewed
CVE-2024-47123 was published Sep 26, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16... Low Unreviewed
CVE-2023-2030 was published Jan 12, 2024
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,... Moderate Unreviewed
CVE-2023-3920 was published Sep 29, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity... High Unreviewed
CVE-2023-3663 was published Aug 3, 2023
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end... High Unreviewed
CVE-2024-3051 was published Apr 27, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... Moderate Unreviewed
CVE-2023-6533 was published Feb 21, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-23922 was published Sep 23, 2024
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper... High Unreviewed
CVE-2023-35906 was published Sep 5, 2023
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... High Unreviewed
CVE-2023-28457 was published Sep 18, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... Moderate Unreviewed
CVE-2024-25584 was published Sep 6, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7980 was published Aug 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database