GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
44 advisories
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use...
Moderate | Unreviewed | CVE-2024-42158 was published | Jul 30, 2024

yt-dlp File system modification and RCE through improper file-extension sanitization
High | CVE-2024-38519 was published for yt-dlp (pip) | Jul 2, 2024

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate | CVE-2024-37891 was published for urllib3 (pip) | Jun 17, 2024

Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moderate | CVE-2024-29018 was published for github.com/docker/docker (Go) | Mar 20, 2024

Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of...
High | Unreviewed | CVE-2023-44104 was published | Oct 11, 2023

Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of...
High | Unreviewed | CVE-2023-44100 was published | Oct 11, 2023

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300....
Critical | Unreviewed | CVE-2023-31114 was published | Jun 7, 2023

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300....
High | Unreviewed | CVE-2023-31115 was published | Jun 7, 2023

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in...
Moderate | Unreviewed | CVE-2023-22950 was published | Apr 13, 2023

Elrond-GO processing: fallback search of SCRs when not found in the main cache
High | CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go) | Dec 30, 2022

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.
Critical | Unreviewed | CVE-2022-4446 was published | Dec 13, 2022

parse-server's session object properties can be updated by foreign user if object ID is known
Moderate | CVE-2022-39225 was published for parse-server (npm) | Sep 21, 2022

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An...
High | Unreviewed | CVE-2022-31233 was published | Sep 1, 2022

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Moderate | CVE-2022-35916 was published for @openzeppelin/contracts (npm) | Aug 14, 2022

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow...
High | Unreviewed | CVE-2022-30236 was published | Jun 3, 2022

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low...
High | Unreviewed | CVE-2021-24602 was published | May 24, 2022

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can...
Moderate | Unreviewed | CVE-2021-34574 was published | May 24, 2022

Firefox used to cache the last filename used for printing a file. When generating a filename for...
Moderate | Unreviewed | CVE-2021-29960 was published | May 24, 2022

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4...
High | Unreviewed | CVE-2021-22900 was published | May 24, 2022

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass...
High | Unreviewed | CVE-2021-21531 was published | May 24, 2022

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A...
Moderate | Unreviewed | CVE-2021-21544 was published | May 24, 2022

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another...
High | Unreviewed | CVE-2021-20411 was published | May 24, 2022

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control...
Moderate | Unreviewed | CVE-2020-27268 was published | May 24, 2022

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user...
Critical | Unreviewed | CVE-2020-24683 was published | May 24, 2022

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a...
High | Unreviewed | CVE-2020-15892 was published | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.