GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,058
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
129 advisories
Filter by severity
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Micronaut management endpoints vulnerable to drive-by localhost attack
Moderate
CVE-2024-23639
was published
for
io.micronaut:micronaut-http-server
(Maven)
Feb 9, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
CloudLinux
CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to
the sendmail...
Moderate
Unreviewed
CVE-2020-36772
was published
Jan 22, 2024
A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by...
Moderate
Unreviewed
CVE-2024-0728
was published
Jan 19, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to...
Critical
Unreviewed
CVE-2023-5716
was published
Jan 19, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49864
was published
Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49863
was published
Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image...
Moderate
Unreviewed
CVE-2023-49862
was published
Jan 10, 2024
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been...
Moderate
Unreviewed
CVE-2023-6618
was published
Dec 8, 2023
In visitUris of Notification.java, there is a possible way to display images from another user...
Moderate
Unreviewed
CVE-2023-35668
was published
Dec 5, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple...
High
Unreviewed
CVE-2023-5247
was published
Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-35985
was published
Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356....
High
Unreviewed
CVE-2023-39542
was published
Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-40194
was published
Nov 27, 2023
This external control vulnerability, if exploited, could allow a local OS-authenticated user...
Moderate
Unreviewed
CVE-2023-34982
was published
Nov 15, 2023
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused...
Moderate
Unreviewed
CVE-2023-40139
was published
Oct 27, 2023
On affected Wago products an remote attacker with administrative privileges can access files to...
Low
Unreviewed
CVE-2023-4089
was published
Oct 17, 2023
Local privilege escalation due to improper soft link handling. The following products are...
Moderate
Unreviewed
CVE-2023-44209
was published
Oct 4, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open...
High
Unreviewed
CVE-2023-32615
was published
Sep 5, 2023
Local privilege escalation during recovery due to improper soft link handling. The following...
Moderate
Unreviewed
CVE-2022-46868
was published
Aug 31, 2023
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall...
Moderate
Unreviewed
CVE-2023-35838
was published
Aug 10, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with...
Moderate
Unreviewed
CVE-2023-37856
was published
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API