GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,523
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
784
Swift
34
Unreviewed advisories
All unreviewed
5,000+
974 advisories
Filter by severity
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an...
High
Unreviewed
CVE-2024-21813
was published
May 16, 2024
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted...
High
Unreviewed
CVE-2022-24975
was published
Feb 12, 2022
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Microsoft Word Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2023-36761
was published
Sep 12, 2023
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH
interface...
Moderate
Unreviewed
CVE-2024-5313
was published
Jun 12, 2024
A local attacker with low privileges can read and modify any users files and cause a DoS in the...
High
Unreviewed
CVE-2023-5751
was published
Jun 4, 2024
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading...
Moderate
Unreviewed
CVE-2024-0443
was published
Jan 12, 2024
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to...
High
Unreviewed
CVE-2024-3019
was published
Mar 28, 2024
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
High
Unreviewed
CVE-2022-24309
was published
Mar 9, 2022
Moodle Insecure direct object reference (IDOR) in a calendar web service
Moderate
CVE-2021-43560
was published
for
moodle/moodle
(Composer)
May 24, 2022
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution...
Moderate
Unreviewed
CVE-2023-39478
was published
May 3, 2024
In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: fix info leak...
Moderate
Unreviewed
CVE-2021-46906
was published
Feb 26, 2024
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate...
High
Unreviewed
CVE-2023-6096
was published
Apr 26, 2024
Unauthenticated Sensitive Information Disclosure vulnerability
Moderate
CVE-2022-34867
was published
for
libreform/libreform
(Composer)
Sep 7, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url
Moderate
CVE-2017-7490
was published
for
moodle/moodle
(Composer)
May 13, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
Moodle may display roles to users who don't have access to them
Moderate
CVE-2023-1402
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access
Moderate
CVE-2023-28336
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
IPv6 enabled on IPv4-only network interfaces
Moderate
CVE-2024-32473
was published
for
github.com/docker/docker
(Go)
Apr 18, 2024
ProTip!
Advisories are also available from the
GraphQL API