Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,036
Erlang
29
GitHub Actions
18
Go
1,848
Maven
5,000+
npm
3,582
NuGet
636
pip
3,165
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,816 advisories

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which... Low Unreviewed
CVE-2024-7998 was published Aug 21, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion... Low Unreviewed
CVE-2024-7866 was published Aug 15, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2024-40778 was published Jul 30, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Silverpeas vulnerable to password complexity rule bypass Low
CVE-2024-42850 was published for org.silverpeas.core:silverpeas-core (Maven) Aug 16, 2024
Authenticated Blind SSRF in automad/automad Low
CVE-2023-7037 was published for automad/automad (Composer) Dec 21, 2023
marcantondahmen
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior... Low Unreviewed
CVE-2024-5469 was published Jun 14, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page Low Unreviewed
CVE-2024-43809 was published Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin Low Unreviewed
CVE-2024-43808 was published Aug 16, 2024
Stylelint has vulnerability in semver dependency Low
GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) Jul 7, 2023 withdrawn
romainmenke
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly... Low Unreviewed
CVE-2024-32673 was published Jul 3, 2024
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow... Low Unreviewed
CVE-2024-7867 was published Aug 15, 2024
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an... Low Unreviewed
CVE-2024-7868 was published Aug 15, 2024
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2024-40822 was published Jul 30, 2024
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local... Low Unreviewed
CVE-2024-28584 was published Mar 20, 2024
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1... Low Unreviewed
CVE-2024-4187 was published Jul 31, 2024
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to... Low Unreviewed
CVE-2024-25196 was published Feb 20, 2024
node-ipc behavior change Low
GHSA-3mpp-xfvh-qh37 was published for node-ipc (npm) Mar 16, 2022
pallost
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space... Low Unreviewed
CVE-2024-41829 was published Jul 22, 2024
Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software... Low Unreviewed
CVE-2023-35061 was published Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API