GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use...
Severity: Moderate (Unreviewed)
CVE-2024-42158 was published Jul 30, 2024

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Severity: Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024

Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Severity: Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in...
Severity: Moderate (Unreviewed)
CVE-2023-22950 was published Apr 13, 2023

parse-server's session object properties can be updated by foreign user if object ID is known
Severity: Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Severity: Moderate
CVE-2022-35916 was published for @openzeppelin/contracts (npm) Aug 14, 2022

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can...
Severity: Moderate (Unreviewed)
CVE-2021-34574 was published May 24, 2022

Firefox used to cache the last filename used for printing a file. When generating a filename for...
Severity: Moderate (Unreviewed)
CVE-2021-29960 was published May 24, 2022

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A...
Severity: Moderate (Unreviewed)
CVE-2021-21544 was published May 24, 2022

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control...
Severity: Moderate (Unreviewed)
CVE-2020-27268 was published May 24, 2022

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability....
Severity: Moderate (Unreviewed)
CVE-2020-6862 was published May 24, 2022

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX...
Severity: Moderate (Unreviewed)
CVE-2017-14013 was published May 13, 2022

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote...
Severity: Moderate (Unreviewed)
CVE-2002-0055 was published Apr 30, 2022

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent...
Severity: Moderate (Unreviewed)
CVE-2004-0872 was published Apr 29, 2022

Publify `guest` role users can self-register even when the admin does not allow it
Severity: Moderate
CVE-2021-25973 was published for publify_core (RubyGems) Nov 3, 2021

containerd-shim API Exposed to Host Network Containers
Severity: Moderate
CVE-2020-15257 was published for github.com/containerd/containerd (Go) May 24, 2021

Incorrect Resource Transfer Between Spheres in eclipse-wtp
Severity: Moderate
CVE-2019-10753 was published for com.diffplug.spotless:spotless-eclipse-cdt (Maven) Sep 11, 2019