Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Windows MSHTML Platform Spoofing Vulnerability High Unreviewed
CVE-2024-38112 was published Jul 9, 2024
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
A local attacker with low privileges can read and modify any users files and cause a DoS in the... High Unreviewed
CVE-2023-5751 was published Jun 4, 2024
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an... High Unreviewed
CVE-2024-21813 was published May 16, 2024
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate... High Unreviewed
CVE-2023-6096 was published Apr 26, 2024
DIRAC: Unauthorized users can read proxy contents during generation High
CVE-2024-29905 was published for DIRAC (pip) Apr 9, 2024
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to... High Unreviewed
CVE-2024-3019 was published Mar 28, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds High
CVE-2024-21626 was published for github.com/opencontainers/runc (Go) Jan 31, 2024
rmcnamara-snyk cyphar
lifubang
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the... High Unreviewed
CVE-2023-7204 was published Jan 29, 2024
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly... High Unreviewed
CVE-2023-39171 was published Dec 7, 2023
In telephony service, there is a possible missing permission check. This could lead to remote... High Unreviewed
CVE-2023-42717 was published Dec 4, 2023
In telephony service, there is a possible missing permission check. This could lead to remote... High Unreviewed
CVE-2023-42716 was published Dec 4, 2023
A vulnerability was found in insights-client. This security issue occurs because of insecure file... High Unreviewed
CVE-2023-3972 was published Nov 1, 2023
An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain... High Unreviewed
CVE-2023-38994 was published Oct 31, 2023
The Bluetooth module has a vulnerability in permission control for broadcast notifications... High Unreviewed
CVE-2023-44101 was published Oct 11, 2023
Remote Procedure Call Information Disclosure Vulnerability High Unreviewed
CVE-2023-36596 was published Oct 10, 2023
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ... High Unreviewed
CVE-2023-44122 was published Sep 27, 2023
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The... High Unreviewed
CVE-2023-43783 was published Sep 22, 2023
** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to... High Unreviewed
CVE-2023-43784 was published Sep 22, 2023
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation High
CVE-2023-28433 was published for github.com/minio/minio (Go) Sep 6, 2023
donatello harshavardhana
RicterZ
Vulnerability of input parameters being not strictly verified in the AMS module. Successful... High Unreviewed
CVE-2023-39383 was published Aug 13, 2023
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients'... High Unreviewed
CVE-2023-38830 was published Aug 10, 2023
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated... High Unreviewed
CVE-2023-39214 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API