GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,996
Maven: 5,000+
npm: 3,709
NuGet: 661
pip: 3,349
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
255,730 advisories
An unauthorized user is able to gain access to sensitive data, including credentials, by...
High, Unreviewed. CVE-2024-38280 was published Jun 13, 2024.

Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted...
Moderate, Unreviewed. CVE-2024-45870 was published Oct 3, 2024.

Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of...
Moderate, Unreviewed. CVE-2024-45871 was published Oct 3, 2024.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed. CVE-2018-2628 was published May 14, 2022.

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
Critical, Unreviewed. CVE-2020-12069 was published Dec 26, 2022.

A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for...
High, Unreviewed. CVE-2024-44193 was published Oct 2, 2024.

A Segmentation Fault issue discovered StreamSerializer::extractStreams function in...
Moderate, Unreviewed. CVE-2020-21723 was published Aug 22, 2023.

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker...
High, Unreviewed. CVE-2023-2137 was published Apr 19, 2023.

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by...
Moderate, Unreviewed. CVE-2024-41583 was published Oct 3, 2024.

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor...
High, Unreviewed. CVE-2024-41596 was published Oct 3, 2024.

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a...
High, Unreviewed. CVE-2024-41595 was published Oct 3, 2024.

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users,...
Moderate, Unreviewed. CVE-2024-41584 was published Oct 3, 2024.

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag...
Moderate, Unreviewed. CVE-2024-6739 was published Jul 15, 2024.

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query...
High, Unreviewed. CVE-2024-41592 was published Oct 3, 2024.

An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain...
High, Unreviewed. CVE-2021-35309 was published Aug 22, 2023.

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual...
Moderate, Unreviewed. CVE-2024-36359 was published Jun 11, 2024.

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers...
High, Unreviewed. CVE-2020-26652 was published Aug 22, 2023.

OpenStack Neutron's unsupported dport option prevents applying security groups
High. CVE-2019-9735 was published for neutron (pip) May 13, 2022.

JupyterHub OAuthenticator elevation of privilege
High. CVE-2018-7206 was published for oauthenticator (pip) May 13, 2022.

OpenStack Neutron vulnerable to hardware address impersonation
High. CVE-2021-38598 was published for neutron (pip) May 24, 2022.

Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Moderate. CVE-2024-47762 was published for @backstage/plugin-app-backend (npm) Oct 3, 2024.

Liferay Portal's account lockout does not invalidate existing user sessions
Moderate. CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024.

Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This...
High, Unreviewed. CVE-2024-23935 was published Sep 28, 2024.

ProTip! Advisories are also available from the GraphQL API.