Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible... Moderate Unreviewed
CVE-2024-49955 was published Oct 21, 2024
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused... Moderate Unreviewed
CVE-2024-49953 was published Oct 21, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
TouchLink packets processed after timeout or out of range due to Operation on a Resource after... Critical Unreviewed
CVE-2023-41094 was published Oct 4, 2023
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation Moderate
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
ZITADEL's Service Users Deactivation not Working High
CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
ZITADEL's User Grant Deactivation not Working High
CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause... High Unreviewed
CVE-2024-39792 was published Aug 14, 2024
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release... Moderate Unreviewed
CVE-2024-4693 was published May 14, 2024
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has... Moderate Unreviewed
CVE-2018-25098 was published Feb 4, 2024
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
ahukkanen ctrgrb
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry Moderate
CVE-2024-23332 was published for github.com/notaryproject/notation (Go) Jan 19, 2024
JustinCappos
Pow Mnesia cache doesn't invalidate all expired keys on startup Moderate
CVE-2023-42446 was published for pow (Erlang) Sep 19, 2023
gVirtu
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its... High Unreviewed
CVE-2021-33020 was published Apr 3, 2022
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended... High Unreviewed
CVE-2022-30256 was published Nov 19, 2022
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4),... High Unreviewed
CVE-2021-37185 was published Feb 10, 2022
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4),... High Unreviewed
CVE-2021-37204 was published Feb 10, 2022
An issue with app access to camera data was addressed with improved logic. This issue is fixed in... Low Unreviewed
CVE-2022-42838 was published Feb 27, 2023
Update unsound DrainFilter and RString::retain High
CVE-2020-36212 was published for abi_stable (Rust) Aug 25, 2021
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege... High Unreviewed
CVE-2020-25221 was published May 24, 2022
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the... High Unreviewed
CVE-2017-14895 was published May 13, 2022
An elevation of privilege vulnerability in CameraBase could enable a local malicious application... High Unreviewed
CVE-2017-0544 was published May 13, 2022
receiving subscription objects with deleted session Moderate
CVE-2020-15270 was published for parse-server (npm) Oct 27, 2020
davimacedo maxiqsoft
Operation on a Resource after Expiration or Release in Jetty Server Critical
CVE-2019-17638 was published for org.eclipse.jetty:jetty-server (Maven) Aug 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database