Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

194 advisories

Loading
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
bottarocarlo
Credited to bottarocarlo
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data... Moderate Unreviewed
CVE-2024-47254 was published Nov 5, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional... Moderate Unreviewed
CVE-2024-47123 was published Sep 26, 2024
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-23922 was published Sep 23, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... Moderate Unreviewed
CVE-2024-25584 was published Sep 6, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... Moderate Unreviewed
CVE-2023-28865 was published Aug 8, 2024
In regclient, pinned manifest digests may be ignored Moderate
CVE-2025-24882 was published for github.com/regclient/regclient (Go) Aug 5, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Credited to pgibson1-godaddy and mtrop-godaddy
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a... Moderate Unreviewed
CVE-2023-35764 was published Apr 3, 2024
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
Credited to The-Login
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... Moderate Unreviewed
CVE-2023-6533 was published Feb 21, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-32329 was published Feb 3, 2024
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
Credited to vvoland, rumpl, and gabriellavengeo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database