GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11,257 advisories
Filter by severity
Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Low
Unreviewed
CVE-2024-47149
was published
Dec 26, 2024
Some Honor products are affected by information leak vulnerability, successful exploitation could...
Low
Unreviewed
CVE-2024-47156
was published
Dec 26, 2024
Some Honor products are affected by information leak vulnerability, successful exploitation could...
Low
Unreviewed
CVE-2024-47150
was published
Dec 26, 2024
Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Low
Unreviewed
CVE-2024-47157
was published
Dec 26, 2024
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g.,...
Low
Unreviewed
CVE-2024-56433
was published
Dec 26, 2024
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were...
Low
Unreviewed
CVE-2023-5117
was published
Dec 25, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber...
Low
Unreviewed
CVE-2024-55539
was published
Dec 23, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability
Low
CVE-2024-55186
was published
for
Oqtane.Client
(NuGet)
Dec 20, 2024
There is an insufficient authentication vulnerability in some Huawei smart phone. An...
Low
Unreviewed
CVE-2020-9250
was published
Dec 20, 2024
Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer...
Low
Unreviewed
CVE-2024-12014
was published
Dec 20, 2024
Keycloak Denial of Service via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Duplicate Advisory: Keycloak DoS via account lockout
Low
GHSA-3hrr-xwvg-hxvr
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
•
withdrawn
Keycloak's improper input validation allows using email as username
Low
CVE-2021-3754
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin ...
Low
Unreviewed
CVE-2024-9101
was published
Dec 19, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Mattermost Server Resource Exhaustion
Low
CVE-2024-28053
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 15, 2024
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Low
CVE-2024-56128
was published
for
org.apache.kafka:kafka
(Maven)
Dec 18, 2024
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
Low
GHSA-27vq-hv74-7cqp
was published
for
surrealdb
(Rust)
Dec 16, 2024
Prototype pollution in jsii.configureCategories
Low
GHSA-m56h-5xx3-2jc2
was published
for
jsii
(npm)
Dec 18, 2024
Ansible-Core vulnerable to content protections bypass
Low
CVE-2024-11079
was published
for
ansible-core
(pip)
Nov 12, 2024
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform...
Low
Unreviewed
CVE-2023-37530
was published
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API