GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
135 advisories
Filter by severity
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g.,...
Low
Unreviewed
CVE-2024-56433
was published
Dec 26, 2024
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value,...
Moderate
Unreviewed
CVE-2020-11917
was published
Nov 7, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Low
CVE-2024-51758
was published
for
filament/actions
(Composer)
Nov 7, 2024
Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with...
High
Unreviewed
CVE-2019-25219
was published
Oct 29, 2024
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user...
Moderate
Unreviewed
CVE-2024-9949
was published
Oct 23, 2024
HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused...
Moderate
Unreviewed
CVE-2024-30124
was published
Oct 23, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr
High
CVE-2024-45217
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote...
High
Unreviewed
CVE-2024-47295
was published
Oct 1, 2024
A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical
Unreviewed
CVE-2024-0001
was published
Sep 23, 2024
there is a possible arbitrary read due to an insecure default value. This could lead to local...
Moderate
Unreviewed
CVE-2024-44096
was published
Sep 13, 2024
Firefox normally asks for confirmation before asking the operating system to find an application...
High
Unreviewed
CVE-2024-8383
was published
Sep 3, 2024
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to...
High
Unreviewed
CVE-2024-34734
was published
Aug 16, 2024
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the...
High
Unreviewed
CVE-2024-6788
was published
Aug 13, 2024
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote...
Moderate
Unreviewed
CVE-2024-5801
was published
Aug 12, 2024
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR...
Critical
Unreviewed
CVE-2024-31070
was published
Jul 17, 2024
vodozemac has degraded secret zeroization capabilities
Low
CVE-2024-34063
was published
for
vodozemac
(Rust)
May 3, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context
High
CVE-2024-32114
was published
for
org.apache.activemq:apache-activemq
(Maven)
May 2, 2024
Insecure deserialization in BentoML
Critical
CVE-2024-2912
was published
for
bentoml
(pip)
Apr 16, 2024
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4...
Critical
Unreviewed
CVE-2024-28815
was published
Mar 27, 2024
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in...
High
Unreviewed
CVE-2024-25972
was published
Mar 1, 2024
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Low
GHSA-555p-m4v6-cqxv
was published
for
github.com/cometbft/cometbft
(Go)
Feb 28, 2024
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users...
Moderate
Unreviewed
CVE-2024-0387
was published
Feb 26, 2024
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4...
Moderate
Unreviewed
CVE-2024-26267
was published
Feb 20, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
Critical
CVE-2024-25610
was published
for
com.liferay.portal:com.liferay.portal.web
(Maven)
Feb 20, 2024
Certain configuration available in the communication channel for encoders could expose sensitive...
Moderate
Unreviewed
CVE-2024-22388
was published
Feb 7, 2024
ProTip!
Advisories are also available from the
GraphQL API