GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
ServiceNow has addressed a sensitive file read vulnerability that was identified in the...
Moderate
Unreviewed
CVE-2024-5178
was published
Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical
Unreviewed
CVE-2024-5217
was published
Jul 10, 2024
Microsoft Outlook Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-30103
was published
Jun 11, 2024
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2024-20278
was published
Mar 27, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser ...
Moderate
Unreviewed
CVE-2023-45593
was published
Mar 5, 2024
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2023-3374
was published
Sep 5, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23844
was published
Jul 26, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Critical
CVE-2021-21697
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of...
High
Unreviewed
CVE-2020-14372
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1255
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
High
Unreviewed
CVE-2021-1133
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1135
was published
May 24, 2022
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute...
High
Unreviewed
CVE-2015-5946
was published
May 17, 2022
Incomplete List of Disallowed Inputs in Jenkins
Moderate
CVE-2017-2602
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly...
High
Unreviewed
CVE-2018-16863
was published
May 13, 2022
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users...
Moderate
Unreviewed
CVE-2016-6189
was published
May 13, 2022
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and...
High
Unreviewed
CVE-2018-6383
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API