Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

11,040 advisories

Loading
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload... Low Unreviewed
CVE-2024-20528 was published Nov 6, 2024
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as... Low Unreviewed
CVE-2024-10920 was published Nov 6, 2024
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)... Low Unreviewed
CVE-2023-31305 was published Aug 13, 2024
A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up... Low Unreviewed
CVE-2024-10748 was published Nov 4, 2024
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
alexandre-daubois
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
cap-std doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024
nathaniel-daniel
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to... Low Unreviewed
CVE-2024-34682 was published Nov 6, 2024
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to... Low Unreviewed
CVE-2024-34675 was published Nov 6, 2024
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2... Low Unreviewed
CVE-2024-36452 was published Jul 10, 2024
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS... Low Unreviewed
CVE-2021-46772 was published Aug 13, 2024
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51752 was published for @workos-inc/authkit-nextjs (npm) Nov 5, 2024
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled Low
CVE-2024-51753 was published for @workos-inc/authkit-remix (npm) Nov 5, 2024
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows... Low Unreviewed
CVE-2023-6728 was published Oct 17, 2024
A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and... Low Unreviewed
CVE-2024-23256 was published Mar 5, 2024
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data... Low Unreviewed
CVE-2024-21684 was published Jul 24, 2024
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker... Low Unreviewed
CVE-2023-20518 was published Aug 13, 2024
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported... Low Unreviewed
CVE-2024-21123 was published Jul 17, 2024
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin eyurtsev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database