GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,036
Erlang: 29
GitHub Actions: 18
Go: 1,848
Maven: 5,000+
npm: 3,582
NuGet: 636
pip: 3,165
Pub: 10
RubyGems: 850
Rust: 803
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
9,702 advisories
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which...
Low
Unreviewed
CVE-2024-7998
was published
Aug 21, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion...
Low
Unreviewed
CVE-2024-7866
was published
Aug 15, 2024
An authentication issue was addressed with improved state management. This issue is fixed in...
Low
Unreviewed
CVE-2024-40778
was published
Jul 30, 2024
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior...
Low
Unreviewed
CVE-2024-5469
was published
Jun 14, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
Low
Unreviewed
CVE-2024-43809
was published
Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
Low
Unreviewed
CVE-2024-43808
was published
Aug 16, 2024
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly...
Low
Unreviewed
CVE-2024-32673
was published
Jul 3, 2024
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow...
Low
Unreviewed
CVE-2024-7867
was published
Aug 15, 2024
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an...
Low
Unreviewed
CVE-2024-7868
was published
Aug 15, 2024
This issue was addressed by restricting options offered on a locked device. This issue is fixed...
Low
Unreviewed
CVE-2024-40822
was published
Jul 30, 2024
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local...
Low
Unreviewed
CVE-2024-28584
was published
Mar 20, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1...
Low
Unreviewed
CVE-2024-4187
was published
Jul 31, 2024
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to...
Low
Unreviewed
CVE-2024-25196
was published
Feb 20, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software...
Low
Unreviewed
CVE-2023-35061
was published
Aug 14, 2024
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1...
Low
Unreviewed
CVE-2024-24973
was published
Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and...
Low
Unreviewed
CVE-2022-45862
was published
Aug 13, 2024
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS...
Low
Unreviewed
CVE-2021-46772
was published
Aug 13, 2024
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key,...
Low
Unreviewed
CVE-2023-20512
was published
Aug 13, 2024
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid...
Low
Unreviewed
CVE-2023-31366
was published
Aug 13, 2024
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged...
Low
Unreviewed
CVE-2023-31307
was published
Aug 13, 2024
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD...
Low
Unreviewed
CVE-2021-26387
was published
Aug 13, 2024
Improper input validation in SMU may allow an attacker with privileges and a compromised physical...
Low
Unreviewed
CVE-2023-31304
was published
Aug 13, 2024
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)...
Low
Unreviewed
CVE-2023-31305
was published
Aug 13, 2024
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker...
Low
Unreviewed
CVE-2023-20518
was published
Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API