GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
101,880 advisories
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on...
High | Unreviewed | CVE-2024-26782 was published Apr 4, 2024
Due to URL previews in the network panel of developer tools improperly storing URLs, query...
High | Unreviewed | CVE-2023-25731 was published Jun 2, 2023
Apache Hadoop allows local user to gain root privileges
High | CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) Nov 16, 2023
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic...
High | Unreviewed | CVE-2023-35685 was published Jan 8, 2025
Spring Framework Path Traversal vulnerability
High | CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database...
High | Unreviewed | CVE-2024-10979 was published Nov 14, 2024
Hashicorp Consul Path Traversal vulnerability
High | CVE-2024-10005 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users...
High | Unreviewed | CVE-2024-4151 was published May 20, 2024
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged...
High | Unreviewed | CVE-2024-4154 was published May 21, 2024
The fetch(3) library uses environment variables for passing certain information, including the...
High | Unreviewed | CVE-2024-45289 was published Nov 12, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High | CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix...
High | Unreviewed | CVE-2024-56775 was published Jan 8, 2025
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized...
High | Unreviewed | CVE-2025-21385 was published Jan 10, 2025
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose...
High | Unreviewed | CVE-2025-21380 was published Jan 10, 2025
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a...
High | Unreviewed | CVE-2024-27980 was published Jan 9, 2025
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote...
High | Unreviewed | CVE-2024-12806 was published Jan 9, 2025
After downloading a Windows .scf script from the local filesystem, an attacker could...
High | Unreviewed | CVE-2023-25740 was published Jun 2, 2023
Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team...
High | Unreviewed | CVE-2023-25745 was published Jun 2, 2023
Information disclosure due to uninitialized variable.
High | Unreviewed | CVE-2017-18306 was published Nov 26, 2024
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
High | Unreviewed | CVE-2024-23363 was published Jun 3, 2024
An unsigned integer underflow vulnerability in IPA driver results in a buffer over-read while...
High | Unreviewed | CVE-2018-5852 was published Nov 26, 2024
After downloading a Windows .url shortcut from the local filesystem, an attacker...
High | Unreviewed | CVE-2023-25734 was published Jun 2, 2023
An invalid downcast from nsTextNode to SVGElement could have led to...
High | Unreviewed | CVE-2023-25737 was published Jun 2, 2023
An issue in South River Technologies TitanFTP before v2.0.1.2102 allows attackers with low-level...
High | Unreviewed | CVE-2023-27745 was published Jun 2, 2023
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing...
High | Unreviewed | CVE-2025-21598 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API.