GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,575 advisories
An attacker who has the privilege to configure Zabbix items can use function icmpping() with...
High • Unreviewed • CVE-2023-32727 was published Dec 22, 2023

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an...
High • Unreviewed • CVE-2023-25927 was published May 12, 2023

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass...
High • Unreviewed • CVE-2023-24329 was published Feb 17, 2023

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows...
Critical • Unreviewed • CVE-2021-29921 was published May 24, 2022

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged...
High • Unreviewed • CVE-2024-21871 was published Sep 16, 2024

Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a...
High • Unreviewed • CVE-2024-21829 was published Sep 16, 2024

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged...
High • Unreviewed • CVE-2024-21781 was published Sep 16, 2024

Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to...
Moderate • Unreviewed • CVE-2023-34424 was published Aug 14, 2024

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High • Unreviewed • CVE-2023-38522 was published Jul 26, 2024

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical • Unreviewed • CVE-2024-35161 was published Jul 26, 2024

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force...
High • Unreviewed • CVE-2024-35296 was published Jul 26, 2024

The cause of vulnerability is improper validation of form input field “Name” on Graph page in...
Moderate • Unreviewed • CVE-2024-22119 was published Feb 9, 2024

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is...
Moderate • Unreviewed • CVE-2023-32721 was published Oct 12, 2023

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends...
Moderate • Unreviewed • CVE-2023-29454 was published Jul 13, 2023

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the...
Moderate • Unreviewed • CVE-2023-29457 was published Jul 13, 2023

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is...
Moderate • Unreviewed • CVE-2023-29455 was published Jul 13, 2023

URL validation scheme receives input from a user and then parses it to identify its various...
Moderate • Unreviewed • CVE-2023-29456 was published Jul 13, 2023

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure...
Critical • Unreviewed • CVE-2022-43515 was published Dec 5, 2022

Symfony has an incorrect response from Validator when input ends with `\n`
Low • CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024

aiohttp's ClientSession is vulnerable to CRLF injection via version
Moderate • CVE-2023-49081 was published for aiohttp (pip) Nov 27, 2023

aiohttp's ClientSession is vulnerable to CRLF injection via method
Moderate • CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical • CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022

Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter
High • GHSA-26f6-wm47-7h7j was published for motioneye (pip) Oct 3, 2025 • withdrawn

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS...
Moderate • Unreviewed • CVE-2025-43299 was published Sep 16, 2025

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7...
Moderate • Unreviewed • CVE-2025-43293 was published Sep 16, 2025