Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
Local privilege escalation during installation due to improper soft link handling. The following... High Unreviewed
CVE-2022-46869 was published Aug 31, 2023
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code... High Unreviewed
CVE-2024-45826 was published Sep 12, 2024
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during... High Unreviewed
CVE-2024-6717 was published Jul 23, 2024
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42734 was published Jul 6, 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation... High Unreviewed
CVE-2022-43513 was published Jan 10, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open... High Unreviewed
CVE-2023-32615 was published Sep 5, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42893 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42891 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42732 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42733 was published Jul 6, 2023
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of... High Unreviewed
CVE-2023-3256 was published Jun 22, 2023
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a... High Unreviewed
CVE-2023-21097 was published Apr 19, 2023
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register... High Unreviewed
CVE-2023-22616 was published Apr 12, 2023
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and... High Unreviewed
CVE-2022-2633 was published Sep 7, 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-30190 was published Jun 2, 2022
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
Password vault has a External Control of System or Configuration Setting vulnerability.Successful... High Unreviewed
CVE-2021-39971 was published Jan 4, 2022
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a... High Unreviewed
CVE-2021-39663 was published Feb 12, 2022
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused... High Unreviewed
CVE-2021-39668 was published Feb 12, 2022
In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to... High Unreviewed
CVE-2021-1035 was published Jan 15, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due... High Unreviewed
CVE-2021-39626 was published Jan 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database