GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11,252 advisories
Filter by severity
A use of externally-controlled format string vulnerability has been reported to affect several...
Low
Unreviewed
CVE-2024-50403
was published
Dec 6, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Unsound usages of `std::slice::from_raw_parts`
Low
GHSA-gw5w-5j7f-jmjj
was published
for
pprof
(Rust)
Dec 5, 2024
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a...
Low
Unreviewed
CVE-2024-42195
was published
Dec 5, 2024
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13...
Low
Unreviewed
CVE-2024-54014
was published
Dec 5, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type
Low
GHSA-f95p-4cv5-8w8x
was published
for
linkme
(Rust)
Dec 4, 2024
The Client secret is not checked when using the OAuth Password grant type.
By exploiting this...
Low
Unreviewed
CVE-2024-12056
was published
Dec 4, 2024
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project...
Low
Unreviewed
CVE-2024-54155
was published
Dec 4, 2024
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible...
Low
Unreviewed
CVE-2024-54153
was published
Dec 4, 2024
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of...
Low
Unreviewed
CVE-2024-54158
was published
Dec 4, 2024
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php...
Low
Unreviewed
CVE-2024-53502
was published
Dec 4, 2024
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can...
Low
Unreviewed
CVE-2024-53921
was published
Dec 3, 2024
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows...
Low
Unreviewed
CVE-2024-49417
was published
Dec 3, 2024
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows...
Low
Unreviewed
CVE-2024-49414
was published
Dec 3, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53989
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53987
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53988
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53986
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations
Low
CVE-2024-53985
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
A security vulnerability in HPE IceWall products could be exploited remotely to cause...
Low
Unreviewed
CVE-2024-11856
was published
Dec 2, 2024
Multiple FCNT Android devices provide the original security features such as "privacy mode" where...
Low
Unreviewed
CVE-2024-53701
was published
Nov 29, 2024
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers...
Low
Unreviewed
CVE-2024-46939
was published
Nov 28, 2024
ProTip!
Advisories are also available from the
GraphQL API