GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
211 advisories
Filter by severity
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab...
Moderate
Unreviewed
CVE-2024-47224
was published
Oct 21, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow...
High
Unreviewed
CVE-2024-47549
was published
Oct 25, 2024
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this...
High
Unreviewed
CVE-2023-52102
was published
Jan 16, 2024
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this...
High
Unreviewed
CVE-2023-52098
was published
Jan 16, 2024
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was...
High
Unreviewed
CVE-2022-43713
was published
Jul 26, 2023
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS...
Moderate
Unreviewed
CVE-2024-47845
was published
Oct 5, 2024
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33...
Moderate
Unreviewed
CVE-2024-40088
was published
Oct 21, 2024
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a...
High
Unreviewed
CVE-2023-28738
was published
Jan 19, 2024
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability...
High
Unreviewed
CVE-2022-36392
was published
Aug 11, 2023
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
High
Unreviewed
CVE-2024-9348
was published
Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for...
High
Unreviewed
CVE-2024-45219
was published
Oct 16, 2024
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php...
Critical
Unreviewed
CVE-2023-48655
was published
Nov 17, 2023
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers...
High
Unreviewed
CVE-2023-45539
was published
Nov 28, 2023
An unauthenticated local attacker can gain admin privileges by deploying a config file due to...
High
Unreviewed
CVE-2024-45271
was published
Oct 15, 2024
Input verification vulnerability in the audio module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39382
was published
Aug 13, 2023
Input verification vulnerability in the storage module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39381
was published
Aug 13, 2023
Vulnerability of input parameter verification in certain APIs in the window management module....
High
Unreviewed
CVE-2023-39390
was published
Aug 13, 2023
Vulnerability of input parameters being not strictly verified in the PMS module. Successful...
High
Unreviewed
CVE-2023-39386
was published
Aug 13, 2023
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x...
Moderate
Unreviewed
CVE-2023-45359
was published
Oct 9, 2024
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide...
Moderate
Unreviewed
CVE-2023-40453
was published
Nov 14, 2023
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15...
Moderate
Unreviewed
CVE-2023-2200
was published
Jul 13, 2023
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
ProTip!
Advisories are also available from the
GraphQL API