GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
10,769 advisories
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a...
Low | Unreviewed | CVE-2024-6996 was published Aug 6, 2024

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7542 was published Aug 6, 2024

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7540 was published Aug 6, 2024

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7537 was published Aug 6, 2024

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7541 was published Aug 6, 2024

Owncast Path Traversal vulnerability
Low | CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024

ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low | CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024

Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low | CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024

Elliptic's EDDSA missing signature length check
Low | CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024

Elliptic allows BER-encoded signatures
Low | CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024

Concrete CMS vulnerable to Stored Cross-site Scripting
Low | CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024

Improper Input Validation of query search results for private field data in PingIDM OPENIDM ...
Low | Unreviewed | CVE-2024-23600 was published Aug 1, 2024

Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low | CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024

Mattermost did not properly restrict channel creation
Low | CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024

Mattermost failed to properly validate synced reactions
Low | CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A...
Low | Unreviewed | CVE-2024-38489 was published Aug 1, 2024

Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1...
Low | Unreviewed | CVE-2024-4187 was published Jul 31, 2024

A denial-of-service vulnerability could allow an authenticated user to trigger an internal...
Low | Unreviewed | CVE-2022-4003 was published Jul 31, 2024

biscuit-auth vulnerable to public key confusion in third party block
Low | CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024

biscuit-java vulnerable to public key confusion in third party block
Low | CVE-2024-41948 was published for org.biscuitsec:biscuit (Maven) Jul 31, 2024

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high...
Low | Unreviewed | CVE-2024-37135 was published Jul 31, 2024

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML...
Low | Unreviewed | CVE-2024-5250 was published Jul 30, 2024

The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Low | CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could...
Low | Unreviewed | CVE-2022-33167 was published Jul 30, 2024

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic....
Low | Unreviewed | CVE-2024-7216 was published Jul 30, 2024

ProTip! Advisories are also available from the GraphQL API