Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3... High Unreviewed
CVE-2024-46547 was published Dec 9, 2024
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper... High Unreviewed
CVE-2018-9433 was published Nov 20, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability Moderate
CVE-2024-10006 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow... High Unreviewed
CVE-2024-47549 was published Oct 25, 2024
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33... Moderate Unreviewed
CVE-2024-40088 was published Oct 21, 2024
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab... Moderate Unreviewed
CVE-2024-47224 was published Oct 21, 2024
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. High Unreviewed
CVE-2024-9348 was published Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for... High Unreviewed
CVE-2024-45219 was published Oct 16, 2024
An unauthenticated local attacker can gain admin privileges by deploying a config file due to... High Unreviewed
CVE-2024-45271 was published Oct 15, 2024
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x... Moderate Unreviewed
CVE-2023-45359 was published Oct 9, 2024
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS... Moderate Unreviewed
CVE-2024-47845 was published Oct 5, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2... Low Unreviewed
CVE-2024-4099 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),... Critical Unreviewed
CVE-2024-7873 was published Sep 17, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been... Moderate Unreviewed
CVE-2024-8297 was published Aug 29, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
Windows App Installer Spoofing Vulnerability High Unreviewed
CVE-2024-38177 was published Aug 13, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6... Moderate Unreviewed
CVE-2024-6329 was published Aug 8, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-26289 was published Jul 30, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header... Moderate Unreviewed
CVE-2024-39736 was published Jul 15, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database