Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,675 advisories

Loading
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS... Low Unreviewed
CVE-2024-37234 was published Jul 6, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores... Low Unreviewed
CVE-2024-40594 was published Jul 6, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for github.com/grpc/grpc-go (Go) Jul 5, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial... Low Unreviewed
CVE-2024-32754 was published Jul 4, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial... Low Unreviewed
CVE-2024-6434 was published Jul 4, 2024
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any... Low Unreviewed
CVE-2024-6126 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a... Low Unreviewed
CVE-2024-39807 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads... Low Unreviewed
CVE-2024-39353 was published Jul 3, 2024
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent... Low Unreviewed
CVE-2024-39361 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote... Low Unreviewed
CVE-2024-36257 was published Jul 3, 2024
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly... Low Unreviewed
CVE-2024-32673 was published Jul 3, 2024
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to... Low Unreviewed
CVE-2024-34597 was published Jul 2, 2024
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to... Low Unreviewed
CVE-2024-34600 was published Jul 2, 2024
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to... Low Unreviewed
CVE-2024-34599 was published Jul 2, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type... Low Unreviewed
CVE-2024-31071 was published Jul 2, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type... Low Unreviewed
CVE-2024-36278 was published Jul 2, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-3995 was published Jun 29, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ... Low Unreviewed
CVE-2024-39157 was published Jun 27, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ... Low Unreviewed
CVE-2024-39156 was published Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11... Low Unreviewed
CVE-2024-4011 was published Jun 27, 2024
Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-9344-p847-qm5c was published for sequoia-openpgp (Rust) Jun 26, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
ProTip! Advisories are also available from the GraphQL API