GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 43
Go: 3,181
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,474
Pub: 12
RubyGems: 991
Rust: 1,185
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
293,693 advisories

Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier...
High, Unreviewed. CVE-2002-1816 was published Apr 30, 2022.

Windows 2000 allows local users to prevent the application of new group policy settings by...
Moderate, Unreviewed. CVE-2002-0051 was published Apr 30, 2022.

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for...
Moderate, Unreviewed. CVE-2002-1657 was published Apr 30, 2022.

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users...
Moderate, Unreviewed. CVE-2001-1546 was published Apr 30, 2022.

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download...
High, Unreviewed. CVE-2001-1125 was published Apr 30, 2022.

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not...
Moderate, Unreviewed. CVE-2002-1796 was published Apr 30, 2022.

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password...
Low, Unreviewed. CVE-2002-1975 was published Apr 30, 2022.

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field...
Low, Unreviewed. CVE-2012-2993 was published May 17, 2022.

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as...
Low, Unreviewed. CVE-2005-3106 was published May 1, 2022.

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute...
High, Unreviewed. CVE-2005-3302 was published May 1, 2022.

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce. This issue affects...
Moderate, Unreviewed. CVE-2023-51692 was published Feb 28, 2024.

gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the...
High, Unreviewed. CVE-2024-24267 was published Feb 5, 2024.

Miro Desktop 0.8.18 on macOS allows Electron code injection.
Critical, Unreviewed. CVE-2024-23746 was published Feb 2, 2024.

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and...
Moderate, Unreviewed. CVE-2024-23941 was published Feb 1, 2024.

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by...
Moderate, Unreviewed. CVE-2024-21728 was published Feb 15, 2024.

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a...
High, Unreviewed. CVE-2024-23304 was published Feb 6, 2024.

Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub....
Moderate, Unreviewed. CVE-2024-1965 was published Feb 28, 2024.

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions...
High, Unreviewed. CVE-2023-7242 was published Mar 1, 2024.

In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and...
Moderate, Unreviewed. CVE-2023-52556 was published Mar 1, 2024.

The inclusion of the web scraper for AnythingLLM means that any user with the proper...
Critical, Unreviewed. CVE-2024-0455 was published Feb 26, 2024.

A user with a `default` role given to them by the admin can send `DELETE` HTTP requests to ...
High, Unreviewed. CVE-2024-0798 was published Feb 26, 2024.

A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on...
High, Unreviewed. CVE-2023-5993 was published Feb 27, 2024.

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an...
High, Unreviewed. CVE-2024-0197 was published Feb 27, 2024.

Attacker, with permission to submit a link or submits a link via POST to be collected that is...
Critical, Unreviewed. CVE-2024-0440 was published Feb 26, 2024.

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate, Unreviewed. CVE-2024-0963 was published Feb 2, 2024.

ProTip! Advisories are also available from the GraphQL API.