GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,383 advisories
An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted...
Moderate | Unreviewed | CVE-2023-43988 was published Jan 24, 2024

An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate | Unreviewed | CVE-2023-43999 was published Jan 24, 2024

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an...
Moderate | Unreviewed | CVE-2024-47485 was published Oct 18, 2024

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2...
Moderate | Unreviewed | CVE-2024-10099 was published Oct 17, 2024

Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference...
Moderate | Unreviewed | CVE-2024-47459 was published Oct 17, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate | Unreviewed | CVE-2023-44293 was published Oct 17, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate | Unreviewed | CVE-2023-44294 was published Oct 17, 2024

A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a...
Moderate | Unreviewed | CVE-2024-8691 was published Sep 11, 2024

A URL parameter during login flow was vulnerable to injection. An attacker could insert a...
Moderate | Unreviewed | CVE-2023-28799 was published Jun 22, 2023

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to...
Moderate | Unreviewed | CVE-2024-3184 was published Oct 17, 2024

CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server ...
Moderate | Unreviewed | CVE-2024-3186 was published Oct 17, 2024

This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in...
Moderate | Unreviewed | CVE-2024-3187 was published Oct 17, 2024

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could...
Moderate | Unreviewed | CVE-2024-20461 was published Oct 16, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate | Unreviewed | CVE-2024-20463 was published Oct 16, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series...
Moderate | Unreviewed | CVE-2024-20459 was published Oct 16, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate | Unreviewed | CVE-2024-20420 was published Oct 16, 2024

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in...
Moderate | Unreviewed | CVE-2024-10033 was published Oct 16, 2024

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality...
Moderate | Unreviewed | CVE-2023-32266 was published Oct 16, 2024

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious...
Moderate | Unreviewed | CVE-2024-33209 was published Oct 2, 2024

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an...
Moderate | Unreviewed | CVE-2024-49340 was published Oct 16, 2024

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a...
Moderate | Unreviewed | CVE-2019-18279 was published May 24, 2022

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the...
Moderate | Unreviewed | CVE-2024-9676 was published Oct 15, 2024

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An...
Moderate | Unreviewed | CVE-2024-48120 was published Oct 14, 2024

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate | Unreviewed | CVE-2024-9469 was published Oct 9, 2024

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2...
Moderate | Unreviewed | CVE-2024-45740 was published Oct 14, 2024
ProTip! Advisories are also available from the GraphQL API.