Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

342 advisories

Loading
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data... Moderate Unreviewed
CVE-2024-47254 was published Nov 5, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to... High Unreviewed
CVE-2024-7847 was published Oct 14, 2024
Gradio lacks integrity checking on the downloaded FRP client High
CVE-2024-47867 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional... Moderate Unreviewed
CVE-2024-47123 was published Sep 26, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-23922 was published Sep 23, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... High Unreviewed
CVE-2023-28457 was published Sep 18, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... Moderate Unreviewed
CVE-2024-25584 was published Sep 6, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7980 was published Aug 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7979 was published Aug 21, 2024
Windows Print Spooler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38198 was published Aug 13, 2024
Windows DNS Spoofing Vulnerability High Unreviewed
CVE-2024-37968 was published Aug 13, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... Moderate Unreviewed
CVE-2023-28865 was published Aug 8, 2024
In regclient, pinned manifest digests may be ignored Moderate
GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a... High Unreviewed
CVE-2024-7256 was published Aug 1, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum schanzen
milux levpachmanov
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote... High Unreviewed
CVE-2024-3173 was published Jul 17, 2024
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions... High Unreviewed
CVE-2024-33687 was published Jun 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database