GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code...
Moderate
Unreviewed
CVE-2024-9427
was published
Dec 24, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
High
CVE-2024-55663
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Dec 12, 2024
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3...
High
Unreviewed
CVE-2024-46547
was published
Dec 9, 2024
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper...
High
Unreviewed
CVE-2018-9433
was published
Nov 20, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow...
High
Unreviewed
CVE-2024-47549
was published
Oct 25, 2024
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab...
Moderate
Unreviewed
CVE-2024-47224
was published
Oct 21, 2024
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33...
Moderate
Unreviewed
CVE-2024-40088
was published
Oct 21, 2024
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
High
Unreviewed
CVE-2024-9348
was published
Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for...
High
Unreviewed
CVE-2024-45219
was published
Oct 16, 2024
An unauthenticated local attacker can gain admin privileges by deploying a config file due to...
High
Unreviewed
CVE-2024-45271
was published
Oct 15, 2024
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x...
Moderate
Unreviewed
CVE-2023-45359
was published
Oct 9, 2024
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS...
Moderate
Unreviewed
CVE-2024-47845
was published
Oct 5, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2...
Low
Unreviewed
CVE-2024-4099
was published
Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Critical
Unreviewed
CVE-2024-7873
was published
Sep 17, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-8297
was published
Aug 29, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible...
High
Unreviewed
CVE-2024-34739
was published
Aug 16, 2024
Windows App Installer Spoofing Vulnerability
High
Unreviewed
CVE-2024-38177
was published
Aug 13, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6...
Moderate
Unreviewed
CVE-2024-6329
was published
Aug 8, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper...
Moderate
Unreviewed
CVE-2023-26289
was published
Jul 30, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header...
Moderate
Unreviewed
CVE-2024-39736
was published
Jul 15, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with...
High
Unreviewed
CVE-2024-38473
was published
Jul 1, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an...
Critical
Unreviewed
CVE-2024-38475
was published
Jul 1, 2024
ProTip!
Advisories are also available from the
GraphQL API