GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
282 advisories
Filter by severity
Oqtane Framework Incorrect Access Control vulnerability
High
CVE-2024-55470
was published
for
Oqtane.Framework
(NuGet)
Dec 20, 2024
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing...
Moderate
Unreviewed
CVE-2024-55232
was published
Dec 19, 2024
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows...
Moderate
Unreviewed
CVE-2023-41133
was published
Dec 13, 2024
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested....
High
Unreviewed
CVE-2024-50380
was published
Dec 2, 2024
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them...
High
Unreviewed
CVE-2024-36466
was published
Nov 28, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation...
Moderate
Unreviewed
CVE-2024-11701
was published
Nov 26, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to...
Moderate
Unreviewed
CVE-2024-11692
was published
Nov 26, 2024
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of...
High
Unreviewed
CVE-2024-8935
was published
Nov 13, 2024
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of...
Critical
Unreviewed
CVE-2024-51504
was published
Nov 7, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This...
High
Unreviewed
CVE-2024-10465
was published
Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This...
High
Unreviewed
CVE-2024-10462
was published
Oct 29, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ...
Moderate
Unreviewed
CVE-2024-20384
was published
Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2024-20299
was published
Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2024-20297
was published
Oct 23, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening...
Moderate
Unreviewed
CVE-2024-49214
was published
Oct 14, 2024
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,...
High
Unreviewed
CVE-2024-49193
was published
Oct 12, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be...
Moderate
Unreviewed
CVE-2024-9391
was published
Oct 1, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6...
Moderate
Unreviewed
CVE-2024-39341
was published
Sep 23, 2024
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect...
Low
Unreviewed
CVE-2024-45453
was published
Sep 23, 2024
CoreDNS Cache Poisoning via a birthday attack
Moderate
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7...
Critical
Unreviewed
CVE-2024-6678
was published
Sep 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the...
High
Unreviewed
CVE-2024-44104
was published
Sep 10, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements...
Moderate
Unreviewed
CVE-2024-8386
was published
Sep 3, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor...
Moderate
Unreviewed
CVE-2024-7745
was published
Aug 28, 2024
ProTip!
Advisories are also available from the
GraphQL API