GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories (count by ecosystem):
All reviewed: 5,000+
Composer: 3,983
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,113
Pub: 10
RubyGems: 838
Rust: 787
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
22,053 advisories
CVE-2022-22978 (Critical): Authorization bypass in Spring Security. Affects org.springframework.security:spring-security-core (Maven). Published May 20, 2022.
CVE-2024-27173 (Critical, Unreviewed): Remote Command program allows an attacker to get Remote Code Execution by overwriting existing... Published Jun 14, 2024.
CVE-2024-27174 (Critical, Unreviewed): Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be... Published Jun 14, 2024.
CVE-2024-27172 (Critical, Unreviewed): Remote Command program allows an attacker to get Remote Code Execution. As for the affected... Published Jun 14, 2024.
CVE-2024-27144 (Critical, Unreviewed): The Toshiba printers provide several ways to upload files using the web interface without... Published Jun 14, 2024.
CVE-2024-27145 (Critical, Unreviewed): The Toshiba printers provide several ways to upload files using the admin web interface. An... Published Jun 14, 2024.
CVE-2024-27143 (Critical, Unreviewed): Toshiba printers use SNMP for configuration. Using the private community, it is possible to... Published Jun 14, 2024.
CVE-2024-34461 (Critical): Zenario uses Twig filters insecurely in the Twig Snippet plugin. Affects tribalsystems/zenario (Composer). Published May 4, 2024.
CVE-2024-3411 (Critical, Unreviewed): Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from... Published Apr 30, 2024.
CVE-2020-25575 (Critical): Type confusion if __private_get_type_id__ is overridden. Affects failure (Rust). Published Jun 16, 2022.
CVE-2024-39236 (Critical): Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Affects Gradio (pip). Published Jul 1, 2024.
CVE-2024-29868 (Critical): Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation. Affects org.apache.streampipes:streampipes-resource-management (Maven). Published Jun 24, 2024.
CVE-2024-3816 (Critical, Unreviewed): Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection... Published Jul 3, 2024.
CVE-2024-39243 (Critical, Unreviewed): An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Published Jun 26, 2024.
CVE-2024-37734 (Critical, Unreviewed): An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST... Published Jun 27, 2024.
CVE-2024-37082 (Critical, Unreviewed): Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry... Published Jul 3, 2024.
CVE-2024-6172 (Critical, Unreviewed): The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Published Jul 2, 2024.
CVE-2024-34988 (Critical, Unreviewed): SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro"... Published Jun 25, 2024.
CVE-2024-20078 (Critical, Unreviewed): In venc, there is a possible out of bounds write due to type confusion. This could lead to local... Published Jul 1, 2024.
CVE-2024-39015 (Critical, Unreviewed): cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Published Jul 1, 2024.
CVE-2024-39704 (Critical, Unreviewed): Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Published Jul 3, 2024.
CVE-2012-6664 (Critical, Unreviewed): Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10... Published Jun 22, 2024.
CVE-2024-39848 (Critical, Unreviewed): Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in... Published Jun 30, 2024.
CVE-2024-39462 (Critical, Unreviewed): In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num... Published Jun 25, 2024.
CVE-2024-39017 (Critical, Unreviewed): agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Published Jul 1, 2024.
Advisories are also available from the GraphQL API.