Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

219 advisories

Loading
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected... Moderate Unreviewed
CVE-2023-7234 was published Jan 16, 2024
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a... High Unreviewed
CVE-2023-28738 was published Jan 19, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed... Low Unreviewed
CVE-2024-22229 was published Jan 24, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1... Moderate Unreviewed
CVE-2024-0987 was published Jan 29, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to... Critical Unreviewed
CVE-2023-47143 was published Feb 2, 2024
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a... High Unreviewed
CVE-2024-1064 was published Feb 3, 2024
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
KaTeX's `\includegraphics` does not escape filename Moderate
CVE-2024-28245 was published for katex (npm) Mar 25, 2024
martinvks edemaine
jupenur
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd
Improper escaping in Apache Zeppelin Critical
CVE-2024-31866 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
raboof
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in... Moderate Unreviewed
CVE-2023-28952 was published May 3, 2024
Gradio before 4.20 allows credential leakage on Windows. High Unreviewed
CVE-2024-34510 was published May 5, 2024
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Unknown Unreviewed
CVE-2024-4420 was published May 21, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server... High Unreviewed
CVE-2024-4177 was published Jun 6, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... High Unreviewed
CVE-2024-27629 was published Jun 29, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header... Moderate Unreviewed
CVE-2024-39736 was published Jul 15, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-26289 was published Jul 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6... Moderate Unreviewed
CVE-2024-6329 was published Aug 8, 2024
Windows App Installer Spoofing Vulnerability High Unreviewed
CVE-2024-38177 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database