GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,976
Erlang: 29
GitHub Actions: 16
Go: 1,765
Maven: 4,990
npm: 3,534
NuGet: 615
pip: 3,103
Pub: 10
RubyGems: 837
Rust: 785
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
9,604 advisories
Filter by severity
A vulnerability has been identified in Node.js, affecting users of the experimental permission...
Low, Unreviewed: CVE-2024-22018 was published Jul 10, 2024

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor....
Low, Unreviewed: CVE-2024-22477 was published Jul 10, 2024

A potential JSON injection attack vector exists in PingFederate REST API data stores using the...
Low, Unreviewed: CVE-2024-21832 was published Jul 10, 2024

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled...
Low, Unreviewed: CVE-2024-6501 was published Jul 9, 2024

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy...
Low, Unreviewed: CVE-2024-26015 was published Jul 9, 2024

A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM...
Low, Unreviewed: CVE-2023-52238 was published Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low, Unreviewed: CVE-2024-35777 was published Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low, Unreviewed: CVE-2024-37253 was published Jul 9, 2024

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low, Unreviewed: CVE-2024-37442 was published Jul 9, 2024

Due to missing verification of file type or content, SAP Enable Now allows an authenticated...
Low, Unreviewed: CVE-2024-34692 was published Jul 9, 2024

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended...
Low, Unreviewed: CVE-2024-6580 was published Jul 8, 2024

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024...
Low, Unreviewed: CVE-2024-34602 was published Jul 8, 2024

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS...
Low, Unreviewed: CVE-2024-37234 was published Jul 6, 2024

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores...
Low, Unreviewed: CVE-2024-40594 was published Jul 6, 2024

Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low, Unreviewed: CVE-2024-32754 was published Jul 4, 2024

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial...
Low, Unreviewed: CVE-2024-6434 was published Jul 4, 2024

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any...
Low, Unreviewed: CVE-2024-6126 was published Jul 3, 2024

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low, Unreviewed: CVE-2024-39807 was published Jul 3, 2024

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low, Unreviewed: CVE-2024-39353 was published Jul 3, 2024

Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent...
Low, Unreviewed: CVE-2024-39361 was published Jul 3, 2024

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote...
Low, Unreviewed: CVE-2024-36257 was published Jul 3, 2024

Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly...
Low, Unreviewed: CVE-2024-32673 was published Jul 3, 2024

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to...
Low, Unreviewed: CVE-2024-34597 was published Jul 2, 2024

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to...
Low, Unreviewed: CVE-2024-34600 was published Jul 2, 2024

Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to...
Low, Unreviewed: CVE-2024-34599 was published Jul 2, 2024
ProTip! Advisories are also available from the GraphQL API.