GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11,252 advisories
Filter by severity
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an...
Low
Unreviewed
CVE-2023-23472
was published
Dec 11, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information...
Low
Unreviewed
CVE-2023-37395
was published
Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-43755
was published
Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation...
Low
Unreviewed
CVE-2024-52831
was published
Dec 11, 2024
Possible Content Security Policy bypass in Action Dispatch
Low
CVE-2024-54133
was published
for
actionpack
(RubyGems)
Dec 10, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted...
Low
Unreviewed
CVE-2024-54050
was published
Dec 10, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted...
Low
Unreviewed
CVE-2024-54051
was published
Dec 10, 2024
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions...
Low
Unreviewed
CVE-2024-53245
was published
Dec 10, 2024
Simulation of Wasmd message can cause crashing
Low
GHSA-vmg2-r3xv-r3xf
was published
for
github.com/CosmWasm/wasmd
(Go)
Dec 10, 2024
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL...
Low
Unreviewed
CVE-2024-47576
was published
Dec 10, 2024
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information...
Low
Unreviewed
CVE-2024-47577
was published
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an...
Low
Unreviewed
CVE-2024-12174
was published
Dec 10, 2024
lxd CA certificate sign check bypass
Low
CVE-2024-6156
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
User credentials (login & password) are inserted into log files when a user tries to authenticate...
Low
Unreviewed
CVE-2024-12057
was published
Dec 9, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
Low
CVE-2024-53947
was published
for
apache-superset
(pip)
Dec 9, 2024
Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting...
Low
Unreviewed
CVE-2023-28168
was published
Dec 9, 2024
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly...
Low
Unreviewed
CVE-2023-23825
was published
Dec 9, 2024
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord,...
Low
Unreviewed
CVE-2023-24375
was published
Dec 9, 2024
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting...
Low
Unreviewed
CVE-2023-23814
was published
Dec 9, 2024
Insufficient validation of filenames against control characters in Apache Subversion repositories...
Low
Unreviewed
CVE-2024-46901
was published
Dec 9, 2024
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect...
Low
Unreviewed
CVE-2024-48866
was published
Dec 6, 2024
A use of externally-controlled format string vulnerability has been reported to affect several...
Low
Unreviewed
CVE-2024-50402
was published
Dec 6, 2024
ProTip!
Advisories are also available from the
GraphQL API