GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This...
Moderate
Unreviewed
CVE-2024-5823
was published
Oct 29, 2024
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code...
High
Unreviewed
CVE-2024-45826
was published
Sep 12, 2024
In certain highly specific configurations of the host system and MongoDB server binary...
Moderate
Unreviewed
CVE-2024-8207
was published
Aug 27, 2024
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-7911
was published
Aug 18, 2024
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Moderate
CVE-2024-7625
was published
for
github.com/hashicorp/nomad
(Go)
Aug 15, 2024
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute...
Moderate
Unreviewed
CVE-2024-6079
was published
Aug 13, 2024
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an...
Moderate
Unreviewed
CVE-2024-28962
was published
Aug 6, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap
Moderate
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during...
High
Unreviewed
CVE-2024-6717
was published
Jul 23, 2024
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Moderate
Unreviewed
CVE-2024-38049
was published
Jul 9, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Micronaut management endpoints vulnerable to drive-by localhost attack
Moderate
CVE-2024-23639
was published
for
io.micronaut:micronaut-http-server
(Maven)
Feb 9, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
CloudLinux
CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to
the sendmail...
Moderate
Unreviewed
CVE-2020-36772
was published
Jan 22, 2024
A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by...
Moderate
Unreviewed
CVE-2024-0728
was published
Jan 19, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to...
Critical
Unreviewed
CVE-2023-5716
was published
Jan 19, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49864
was published
Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49862
was published
Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49863
was published
Jan 10, 2024
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been...
Moderate
Unreviewed
CVE-2023-6618
was published
Dec 8, 2023
In visitUris of Notification.java, there is a possible way to display images from another user...
Moderate
Unreviewed
CVE-2023-35668
was published
Dec 5, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple...
High
Unreviewed
CVE-2023-5247
was published
Nov 30, 2023
ProTip!
Advisories are also available from the
GraphQL API