Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... High Unreviewed
CVE-2024-27629 was published Jun 29, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server... High Unreviewed
CVE-2024-4177 was published Jun 6, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Unknown Unreviewed
CVE-2024-4420 was published May 21, 2024
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Gradio before 4.20 allows credential leakage on Windows. High Unreviewed
CVE-2024-34510 was published May 5, 2024
Improper escaping in Apache Zeppelin Critical
CVE-2024-31866 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
raboof
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd
KaTeX's `\includegraphics` does not escape filename Moderate
CVE-2024-28245 was published for katex (npm) Mar 25, 2024
martinvks edemaine
jupenur
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a... High Unreviewed
CVE-2024-1064 was published Feb 3, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to... Critical Unreviewed
CVE-2023-47143 was published Feb 2, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1... Moderate Unreviewed
CVE-2024-0987 was published Jan 29, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed... Low Unreviewed
CVE-2024-22229 was published Jan 24, 2024
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a... High Unreviewed
CVE-2023-28738 was published Jan 19, 2024
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected... Moderate Unreviewed
CVE-2023-7234 was published Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not... Moderate Unreviewed
CVE-2023-6005 was published Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly... Moderate Unreviewed
CVE-2024-0233 was published Jan 16, 2024
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this... High Unreviewed
CVE-2023-52102 was published Jan 16, 2024
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this... High Unreviewed
CVE-2023-52098 was published Jan 16, 2024
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
bastianwegge sixcolors
gaby ReneWerner87 efectn
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization,... Moderate Unreviewed
CVE-2023-42183 was published Dec 15, 2023
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers... High Unreviewed
CVE-2023-45539 was published Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database