Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This... Moderate Unreviewed
CVE-2024-6128 was published Jun 18, 2024
Digital products download without proper payment status check Moderate
CVE-2024-37296 was published for aimeos/ai-client-html (Composer) Jun 5, 2024
ssshah2131
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows... High Unreviewed
CVE-2023-5921 was published Nov 22, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital... Moderate Unreviewed
CVE-2023-4181 was published Aug 6, 2023
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices... Moderate Unreviewed
CVE-2023-1383 was published May 3, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
Client-side JavaScript controls may be bypassed to change user credentials and permissions... Critical Unreviewed
CVE-2022-2105 was published Jun 25, 2022
Controls limiting uploads to certain file extensions may be bypassed. This could allow an... High Unreviewed
CVE-2022-2102 was published Jun 25, 2022
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the... High Unreviewed
CVE-2022-1667 was published Jun 25, 2022
Publify Business Logic Errors High
CVE-2022-0524 was published for publify_core (RubyGems) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API