Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,960
Maven
5,000+
npm
4,611
NuGet
788
pip
4,314
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,023 advisories

Loading
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries... High Unreviewed
CVE-2024-57838 was published Jan 11, 2025
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure... Moderate Unreviewed
CVE-2024-52543 was published Dec 25, 2024
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C,... Critical Unreviewed
CVE-2024-5660 was published Dec 10, 2024
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain... High Unreviewed
CVE-2024-43704 was published Nov 18, 2024
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a... High Unreviewed
CVE-2024-24985 was published Nov 13, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Credited to maantje, nicolas-grekas, and G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Credited to maantje and fabpot
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA... High Unreviewed
CVE-2024-43881 was published Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of... Moderate Unreviewed
CVE-2024-40725 was published Jul 18, 2024
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation... High Unreviewed
CVE-2024-39499 was published Jul 12, 2024
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks... Moderate Unreviewed
CVE-2024-39553 was published Jul 11, 2024
Windows MSHTML Platform Spoofing Vulnerability High Unreviewed
CVE-2024-38112 was published Jul 9, 2024
In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage... High Unreviewed
CVE-2022-48757 was published Jun 20, 2024
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web... Moderate Unreviewed
CVE-2024-22333 was published Jun 13, 2024
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface... Moderate Unreviewed
CVE-2024-5313 was published Jun 12, 2024
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Credited to eriksjolund
A local attacker with low privileges can read and modify any users files and cause a DoS in the... High Unreviewed
CVE-2023-5751 was published Jun 4, 2024
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning... Moderate Unreviewed
CVE-2023-52700 was published May 21, 2024
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack... High Unreviewed
CVE-2021-47401 was published May 21, 2024
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an... High Unreviewed
CVE-2024-21813 was published May 16, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
Credited to luhring
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution... Moderate Unreviewed
CVE-2023-39478 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database