Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests... Moderate Unreviewed
CVE-2024-56170 was published Dec 18, 2024
A cookie management issue was addressed with improved state management. This issue is fixed in... Moderate Unreviewed
CVE-2024-44212 was published Dec 12, 2024
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2.... Moderate Unreviewed
CVE-2024-54490 was published Dec 12, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. Moderate Unreviewed
CVE-2024-45495 was published Nov 29, 2024
An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause... Moderate Unreviewed
CVE-2024-51072 was published Nov 22, 2024
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2024-51037 was published Nov 15, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL... Moderate Unreviewed
CVE-2024-10460 was published Oct 29, 2024
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed
CVE-2024-44187 was published Sep 17, 2024
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed... Moderate Unreviewed
CVE-2024-7978 was published Aug 21, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed
CVE-2024-22062 was published Jul 9, 2024
Lack of validation of origin in federation API in Conduit, allowing any remote server to... Moderate Unreviewed
CVE-2024-6301 was published Jun 25, 2024
Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent... Moderate Unreviewed
CVE-2023-5973 was published Apr 5, 2024
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between... Moderate Unreviewed
CVE-2024-2182 was published Mar 12, 2024
An unauthenticated remote attacker can perform a remote code execution due to an origin... Moderate Unreviewed
CVE-2024-25996 was published Mar 12, 2024
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to... Moderate Unreviewed
CVE-2023-30996 was published Feb 26, 2024
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks... Moderate Unreviewed
CVE-2024-0009 was published Feb 14, 2024
An unauthenticated attacker can send a ping request from one network to another through an error... Moderate Unreviewed
CVE-2024-24782 was published Feb 13, 2024
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote... Moderate Unreviewed
CVE-2024-0814 was published Jan 24, 2024
A phishing site could have repurposed an `about:` dialog to show phishing content with an... Moderate Unreviewed
CVE-2024-0749 was published Jan 23, 2024
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2023-20275 was published Dec 12, 2023
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse... Moderate Unreviewed
CVE-2023-28794 was published Nov 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database