GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
332 advisories
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper...
High | Unreviewed | CVE-2023-35906 was published Sep 5, 2023
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for...
Moderate | Unreviewed | CVE-2024-27244 was published May 15, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical | CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in...
Moderate | Unreviewed | CVE-2022-4539 was published Aug 31, 2024
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache...
High | Unreviewed | CVE-2023-28457 was published Sep 18, 2024
ASAR Integrity bypass via filetype confusion in electron
Moderate | CVE-2023-44402 was published for electron (npm) Dec 1, 2023
dnslib has DNS reply verification issue
High | CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
Certifi removing TrustCor root certificate
Moderate | CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High | CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File
Moderate | Unreviewed | CVE-2024-38432 was published Jul 30, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always...
Moderate | Unreviewed | CVE-2024-25584 was published Sep 6, 2024
Ansible does not verify that the server hostname matches a domain name in certificates
High | CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84...
High | Unreviewed | CVE-2024-7980 was published Aug 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84...
High | Unreviewed | CVE-2024-7979 was published Aug 21, 2024
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not...
Critical | Unreviewed | CVE-2024-1554 was published Feb 20, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0...
Moderate | Unreviewed | CVE-2023-28865 was published Aug 8, 2024
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to...
High | Unreviewed | CVE-2023-38831 was published Aug 23, 2023
Windows Print Spooler Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-38198 was published Aug 13, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a...
Moderate | Unreviewed | CVE-2023-35764 was published Apr 3, 2024
In regclient, pinned manifest digests may be ignored
Moderate | GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a...
High | Unreviewed | CVE-2024-7256 was published Aug 1, 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote...
High | Unreviewed | CVE-2024-3173 was published Jul 17, 2024
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to...
High | Unreviewed | CVE-2024-3049 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API