GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
10,694 advisories
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker...
Low · Unreviewed · CVE-2023-41093 was published on Jul 12, 2024

A vulnerability has been identified in Node.js, affecting users of the experimental permission...
Low · Unreviewed · CVE-2024-22018 was published on Jul 10, 2024

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel....
Low · Unreviewed · CVE-2024-39886 was published on Jul 10, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11...
Low · Unreviewed · CVE-2024-2880 was published on Jul 11, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4...
Low · Unreviewed · CVE-2024-5470 was published on Jul 11, 2024

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint...
Low · Unreviewed · CVE-2024-23194 was published on Jul 11, 2024

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor....
Low · Unreviewed · CVE-2024-22477 was published on Jul 10, 2024

A potential JSON injection attack vector exists in PingFederate REST API data stores using the...
Low · Unreviewed · CVE-2024-21832 was published on Jul 10, 2024

Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low · GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) on Jul 5, 2024

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled...
Low · Unreviewed · CVE-2024-6501 was published on Jul 9, 2024

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy...
Low · Unreviewed · CVE-2024-26015 was published on Jul 9, 2024

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if...
Low · Unreviewed · CVE-2023-38546 was published on Oct 18, 2023

Undici vulnerable to data leak when using response.arrayBuffer()
Low · CVE-2024-38372 was published for undici (npm) on Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low · Unreviewed · CVE-2024-35777 was published on Jul 9, 2024

A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM...
Low · Unreviewed · CVE-2023-52238 was published on Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low · Unreviewed · CVE-2024-37442 was published on Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low · Unreviewed · CVE-2024-37253 was published on Jul 9, 2024

Due to missing verification of file type or content, SAP Enable Now allows an authenticated...
Low · Unreviewed · CVE-2024-34692 was published on Jul 9, 2024

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended...
Low · Unreviewed · CVE-2024-6580 was published on Jul 8, 2024

Mattermost incorrectly allows access individual posts
Low · CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 29, 2024

Mattermost fails to check the required permissions
Low · CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 9, 2024

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Low · GHSA-vjg6-93fv-qv64 was published for go.etcd.io/etcd/v3 (Go) on Feb 3, 2024

Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Low · GHSA-pm3m-32r3-7mfh was published for go.etcd.io/etcd/v3 (Go) on Feb 3, 2024

Mattermost Cross-site Scripting vulnerability
Low · CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) on Dec 29, 2023

Container build can leak any path on the host into the container
Low · GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) on Nov 11, 2022
ProTip! Advisories are also available from the GraphQL API.