GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
61 advisories
Filter by severity
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Moderate
CVE-2024-40767
was published
for
Nova
(pip)
Jul 24, 2024
When a protocol selection parameter option disables all protocols without adding any then the...
Low
Unreviewed
CVE-2024-2004
was published
Mar 27, 2024
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature...
Moderate
Unreviewed
CVE-2019-18792
was published
May 24, 2022
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions...
Moderate
Unreviewed
CVE-2024-45097
was published
Sep 5, 2024
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and...
Critical
Unreviewed
CVE-2024-38428
was published
Jun 16, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security...
Moderate
Unreviewed
CVE-2024-20293
was published
May 22, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability....
Moderate
Unreviewed
CVE-2023-39481
was published
May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents...
Moderate
Unreviewed
CVE-2024-3386
was published
Apr 10, 2024
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker...
High
Unreviewed
CVE-2023-40718
was published
Oct 10, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions...
High
Unreviewed
CVE-2023-32708
was published
Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48473
was published
Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48471
was published
Jun 16, 2023
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE...
High
Unreviewed
CVE-2020-3200
was published
May 24, 2022
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF...
High
Unreviewed
CVE-2019-19589
was published
May 24, 2022
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2021-34699
was published
May 24, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to...
Moderate
Unreviewed
CVE-2023-50327
was published
Feb 2, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Low
CVE-2024-24754
was published
for
bref/bref
(Composer)
Feb 1, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Moderate
CVE-2024-24753
was published
for
bref/bref
(Composer)
Feb 1, 2024
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
ProTip!
Advisories are also available from the
GraphQL API