Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,722
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
http-proxy-middleware can call writeBody twice because "else if" is not used Moderate
CVE-2025-32996 was published for http-proxy-middleware (npm) Apr 15, 2025
sealonohana
tough terminating targets role delegations are not respected Moderate
CVE-2025-2886 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected... Critical Unreviewed
CVE-2025-29312 was published Mar 24, 2025
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl:... Moderate Unreviewed
CVE-2024-53134 was published Dec 4, 2024
WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass... High Unreviewed
CVE-2024-8811 was published Nov 22, 2024
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The... Moderate Unreviewed
CVE-2024-30133 was published Nov 12, 2024
In the Linux kernel, the following vulnerability has been resolved: mm: call the... High Unreviewed
CVE-2024-47745 was published Oct 21, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality High
CVE-2024-38365 was published for github.com/btcsuite/btcd (Go) Oct 10, 2024
darosior dergoegge
wasmtime has a runtime crash when combining tail calls with trapping imports Moderate
CVE-2024-47763 was published for wasmtime (Rust) Oct 9, 2024
alexcrichton fitzgen
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access ... High Unreviewed
CVE-2024-20480 was published Sep 25, 2024
Denial of service in quinn-proto when using `Endpoint::retry()` High
CVE-2024-45311 was published for quinn-proto (Rust) Sep 3, 2024
finnbear BiagioFesta
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the... Unknown Unreviewed
CVE-2024-5659 was published Jun 14, 2024
there is a possible way to bypass due to a logic error in the code. This could lead to local... High Unreviewed
CVE-2024-32896 was published Jun 13, 2024
Keycloak's improper input validation allows using email as username Low
CVE-2021-3754 was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Chetven
Contract balance not updating correctly after interchain transaction High
CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vvaradinov EvmosDAO
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
Tor Arti's STUB circuits incorrectly have a length of 2 High
CVE-2024-35312 was published for arti (Rust) May 18, 2024
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud) Moderate
GHSA-6xch-2vxx-5pvr was published for ezsystems/ezplatform (Composer) May 15, 2024
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a... Moderate Unreviewed
CVE-2024-33431 was published May 1, 2024
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory... High Unreviewed
CVE-2024-3376 was published Apr 6, 2024
A malicious insider exploiting this vulnerability can circumvent existing security controls put... Moderate Unreviewed
CVE-2024-0313 was published Mar 14, 2024
Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows... High Unreviewed
CVE-2023-31211 was published Jan 12, 2024
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 Moderate
CVE-2023-49798 was published for @openzeppelin/contracts (npm) Dec 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database