GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,886
Composer 4,778
Erlang 36
GitHub Actions 29
Go 2,336
Maven 5,642
npm 3,969
NuGet 713
pip 3,767
Pub 12
RubyGems 923
Rust 976
Swift 38

Unreviewed advisories

All unreviewed 259,407

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

161 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Spin applications with specific configuration vulnerable to potential network sandbox escape Critical

CVE-2024-32980 was published for spin-sdk (Rust) May 8, 2024

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender... High Unreviewed

CVE-2023-6154 was published Apr 1, 2024

php-svg-lib lacks path validation on font through SVG inline styles Moderate

CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024

Micronaut management endpoints vulnerable to drive-by localhost attack Moderate

CVE-2024-23639 was published for io.micronaut:micronaut-http-server (Maven) Feb 9, 2024

HashiCorp Nomad vulnerable to symlink attacks High

CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail... Moderate Unreviewed

CVE-2020-36772 was published Jan 22, 2024

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by... Moderate Unreviewed

CVE-2024-0728 was published Jan 19, 2024

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed

CVE-2023-5716 was published Jan 19, 2024

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed

CVE-2023-49864 was published Jan 10, 2024

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed

CVE-2023-49862 was published Jan 10, 2024

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed

CVE-2023-49863 was published Jan 10, 2024

External Control of File Name or Path in h2oai/h2o-3 Critical

CVE-2023-6569 was published for h2o (pip) Dec 14, 2023

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been... Moderate Unreviewed

CVE-2023-6618 was published Dec 8, 2023

In visitUris of Notification.java, there is a possible way to display images from another user... Moderate Unreviewed

CVE-2023-35668 was published Dec 5, 2023

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed

CVE-2023-5247 was published Nov 30, 2023

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed

CVE-2023-35985 was published Nov 27, 2023

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed

CVE-2023-40194 was published Nov 27, 2023

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed

CVE-2023-39542 was published Nov 27, 2023

This external control vulnerability, if exploited, could allow a local OS-authenticated user... Moderate Unreviewed

CVE-2023-34982 was published Nov 15, 2023

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused... Moderate Unreviewed

CVE-2023-40139 was published Oct 27, 2023

On affected Wago products an remote attacker with administrative privileges can access files to... Low Unreviewed

CVE-2023-4089 was published Oct 17, 2023

Local privilege escalation due to improper soft link handling. The following products are... Moderate Unreviewed

CVE-2023-44209 was published Oct 4, 2023

A file write vulnerability exists in the OAS Engine configuration functionality of Open... High Unreviewed

CVE-2023-32615 was published Sep 5, 2023

Local privilege escalation during installation due to improper soft link handling. The following... High Unreviewed

CVE-2022-46869 was published Aug 31, 2023

Local privilege escalation during recovery due to improper soft link handling. The following... Moderate Unreviewed

CVE-2022-46868 was published Aug 31, 2023

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

161 advisories