GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
117 advisories
Filter by severity
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Moderate
CVE-2024-12224
was published
for
idna
(Rust)
Dec 9, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
When curl is asked to use HSTS, the expiry time for a subdomain might
overwrite a parent domain's...
Moderate
Unreviewed
CVE-2024-9681
was published
Nov 6, 2024
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks...
Moderate
Unreviewed
CVE-2024-39534
was published
Oct 11, 2024
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security...
Moderate
Unreviewed
CVE-2024-6641
was published
Sep 18, 2024
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection...
Moderate
Unreviewed
CVE-2024-32862
was published
Aug 2, 2024
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset...
Critical
Unreviewed
CVE-2024-24621
was published
Jul 26, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical
Unreviewed
CVE-2024-5217
was published
Jul 10, 2024
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication...
High
Unreviewed
CVE-2024-39742
was published
Jul 8, 2024
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6...
High
Unreviewed
CVE-2024-4032
was published
Jun 17, 2024
A potential attacker with access to the Westermo Lynx device would be able to execute...
Moderate
Unreviewed
CVE-2023-45213
was published
Feb 7, 2024
A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected...
Low
Unreviewed
CVE-2015-10129
was published
Feb 4, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an...
Moderate
Unreviewed
CVE-2023-50940
was published
Feb 2, 2024
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Low
CVE-2024-23903
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function...
Moderate
Unreviewed
CVE-2023-49994
was published
Dec 12, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream...
High
Unreviewed
CVE-2023-46009
was published
Oct 18, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate
CVE-2023-44378
was published
for
github.com/consensys/gnark
(Go)
Oct 4, 2023
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable...
Moderate
Unreviewed
CVE-2015-6964
was published
Sep 25, 2023
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2023-23766
was published
Sep 22, 2023
ProTip!
Advisories are also available from the
GraphQL API