GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
5,051 advisories
Any user can delete an arbitrary folder (recursively) on a remote server due to bad input...
High, Unreviewed. CVE-2024-0763 was published Feb 28, 2024.
SMTP smuggling in Apache James
High. CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024.
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
High. CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024.
Potentially untrusted input is rendered as HTML in final output
High. CVE-2024-26151 was published for mjml (pip) Feb 22, 2024.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
High, Unreviewed. CVE-2024-1714 was published Feb 21, 2024.
A malformed discovery packet sent by a malicious actor with preexisting access to the network...
High, Unreviewed. CVE-2024-22054 was published Feb 20, 2024.
Vulnerability of input parameter verification in the motor module. Successful exploitation of this...
High, Unreviewed. CVE-2023-52372 was published Feb 18, 2024.
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in...
High, Unreviewed. CVE-2024-0021 was published Feb 16, 2024.
An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a...
High, Unreviewed. CVE-2023-51931 was published Feb 16, 2024.
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
High, Unreviewed. CVE-2024-1354 was published Feb 13, 2024.
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
High, Unreviewed. CVE-2024-21315 was published Feb 13, 2024.
Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by...
High, Unreviewed. CVE-2024-1096 was published Feb 13, 2024.
Transient DOS in Multi-Mode Call Processor while processing UE policy container.
High, Unreviewed. CVE-2023-33057 was published Feb 6, 2024.
The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for...
High, Unreviewed. CVE-2023-47355 was published Feb 5, 2024.
In Modem NL1, there is a possible system crash due to an improper input validation. This could...
High, Unreviewed. CVE-2024-20003 was published Feb 5, 2024.
In Modem NL1, there is a possible system crash due to an improper input validation. This could...
High, Unreviewed. CVE-2024-20004 was published Feb 5, 2024.
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could...
High, Unreviewed. CVE-2023-49610 was published Feb 2, 2024.
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads...
High, Unreviewed. CVE-2024-1019 was published Jan 30, 2024.
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in...
High, Unreviewed. CVE-2023-4550 was published Jan 29, 2024.
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS...
High, Unreviewed. CVE-2023-4551 was published Jan 29, 2024.
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software...
High, Unreviewed. CVE-2023-5378 was published Jan 29, 2024.
Sending a GET or HEAD request with a body crashes SvelteKit
High. CVE-2024-23641 was published for @sveltejs/adapter-node (npm) Jan 24, 2024.
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause...
High, Unreviewed. CVE-2024-23842 was published Jan 23, 2024.
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause...
High, Unreviewed. CVE-2024-22772 was published Jan 23, 2024.
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause...
High, Unreviewed. CVE-2024-22770 was published Jan 23, 2024.