Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,880 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of... High Unreviewed
CVE-2024-53143 was published Dec 7, 2024
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can... High Unreviewed
CVE-2024-42168 was published Jan 11, 2025
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin... High Unreviewed
CVE-2024-12627 was published Jan 11, 2025
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access... High Unreviewed
CVE-2024-42169 was published Jan 11, 2025
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables... High Unreviewed
CVE-2025-0104 was published Jan 11, 2025
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2024-12404 was published Jan 11, 2025
The administrator is able to configure an insecure captive portal script High Unreviewed
CVE-2024-9132 was published Jan 11, 2025
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced... High Unreviewed
CVE-2024-9134 was published Jan 11, 2025
Backup uploads to ETM subject to man-in-the-middle interception High Unreviewed
CVE-2024-47519 was published Jan 11, 2025
A user with advanced report application access rights can perform actions for which they are not... High Unreviewed
CVE-2024-47520 was published Jan 11, 2025
Specially constructed queries cause cross platform scripting leaking administrator tokens High Unreviewed
CVE-2024-9188 was published Jan 11, 2025
A user with administrator privileges can perform command injection High Unreviewed
CVE-2024-9131 was published Jan 11, 2025
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful... High Unreviewed
CVE-2024-13291 was published Jan 9, 2025
** DISPUTED ** A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5... High Unreviewed
CVE-2024-7886 was published Aug 17, 2024
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a... High Unreviewed
CVE-2023-29543 was published Jun 2, 2023
Memory corruption while processing TPC target power table in FTM TPC. High Unreviewed
CVE-2023-43549 was published Mar 4, 2024
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden... High Unreviewed
CVE-2022-48655 was published Apr 28, 2024
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18... High Unreviewed
CVE-2018-5996 was published May 13, 2022
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before... High Unreviewed
CVE-2017-17969 was published May 14, 2022
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena®... High Unreviewed
CVE-2024-12175 was published Dec 19, 2024
Memory corruption while parsing qcp clip with invalid chunk data size. High Unreviewed
CVE-2023-43548 was published Mar 4, 2024
Vaultwarden vulnerable to user impersonation High
CVE-2024-55225 was published for vaultwarden (Rust) Jan 9, 2025
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user... High Unreviewed
CVE-2024-46464 was published Jan 10, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request... High Unreviewed
CVE-2024-13244 was published Jan 9, 2025
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful... High Unreviewed
CVE-2024-13256 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database