Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

258 advisories

Loading
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... High Unreviewed
CVE-2023-28457 was published Sep 18, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... Moderate Unreviewed
CVE-2024-25584 was published Sep 6, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7979 was published Aug 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7980 was published Aug 21, 2024
Windows Print Spooler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38198 was published Aug 13, 2024
Windows DNS Spoofing Vulnerability High Unreviewed
CVE-2024-37968 was published Aug 13, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... Moderate Unreviewed
CVE-2023-28865 was published Aug 8, 2024
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a... High Unreviewed
CVE-2024-7256 was published Aug 1, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote... High Unreviewed
CVE-2024-3173 was published Jul 17, 2024
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions... High Unreviewed
CVE-2024-33687 was published Jun 24, 2024
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue... Low Unreviewed
CVE-2022-44593 was published Jun 21, 2024
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules... High Unreviewed
CVE-2024-30162 was published Jun 7, 2024
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to... High Unreviewed
CVE-2024-3049 was published Jun 6, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2023-27360 was published May 3, 2024
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end... High Unreviewed
CVE-2024-3051 was published Apr 27, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a... Moderate Unreviewed
CVE-2023-35764 was published Apr 3, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... Moderate Unreviewed
CVE-2023-6533 was published Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API