Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions... Moderate Unreviewed
CVE-2024-45097 was published Sep 5, 2024
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and... Critical Unreviewed
CVE-2024-38428 was published Jun 16, 2024
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security... Moderate Unreviewed
CVE-2024-20293 was published May 22, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2023-39481 was published May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents... Moderate Unreviewed
CVE-2024-3386 was published Apr 10, 2024
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker... High Unreviewed
CVE-2023-40718 was published Oct 10, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48473 was published Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48471 was published Jun 16, 2023
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE... High Unreviewed
CVE-2020-3200 was published May 24, 2022
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF... High Unreviewed
CVE-2019-19589 was published May 24, 2022
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an... High Unreviewed
CVE-2021-34699 was published May 24, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to... Moderate Unreviewed
CVE-2023-50327 was published Feb 2, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
ProTip! Advisories are also available from the GraphQL API