GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
360 advisories
D-Tale Command Execution Vulnerability (Moderate): CVE-2024-8862 was published for dtale (pip) on Sep 16, 2024
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could... (Moderate, Unreviewed): CVE-2023-28599 was published on Jun 13, 2023
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim... (Moderate, Unreviewed): CVE-2023-28598 was published on Jun 13, 2023
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. (Moderate, Unreviewed): CVE-2024-6702 was published on Sep 12, 2024
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806... (Moderate, Unreviewed): CVE-2024-42903 was published on Sep 3, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder (Moderate): CVE-2024-45595 was published for dtale (pip) on Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... (Moderate, Unreviewed): CVE-2024-43393 was published on Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through... (Moderate, Unreviewed): CVE-2024-43389 was published on Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... (Moderate, Unreviewed): CVE-2024-43390 was published on Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... (Moderate, Unreviewed): CVE-2024-43392 was published on Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... (Moderate, Unreviewed): CVE-2024-43391 was published on Sep 10, 2024
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c... (Moderate, Unreviewed): CVE-2024-2881 was published on Aug 30, 2024
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in... (Moderate, Unreviewed): CVE-2024-1545 was published on Aug 30, 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to... (Moderate, Unreviewed): CVE-2024-8367 was published on Sep 1, 2024
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or... (Moderate, Unreviewed): CVE-2023-6174 was published on Nov 16, 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to... (Moderate, Unreviewed): CVE-2024-31882 was published on Aug 14, 2024
RDoc RCE vulnerability with .rdoc_options (Moderate): CVE-2024-27281 was published for rdoc (RubyGems) on Mar 25, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability (Moderate): CVE-2024-39863 was published for apache-airflow (pip) on Jul 17, 2024
dbt has an implicit override for built-in materializations from installed packages (Moderate): CVE-2024-40637 was published for dbt-core (pip) on Jul 17, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this... (Moderate, Unreviewed): CVE-2024-6469 was published on Jul 3, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) (Moderate): CVE-2024-40137 was published for dolibarr/dolibarr (Composer) on Jul 24, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this... (Moderate, Unreviewed): CVE-2024-6470 was published on Jul 3, 2024
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up... (Moderate, Unreviewed): CVE-2021-22204 was published on May 24, 2022
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway... (Moderate, Unreviewed): CVE-2024-20429 was published on Jul 17, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... (Moderate, Unreviewed): CVE-2024-38700 was published on Jul 12, 2024
ProTip! Advisories are also available from the GraphQL API.