GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,051 advisories
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22771 was published Jan 23, 2024

Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22769 was published Jan 23, 2024

Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22768 was published Jan 23, 2024

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not...
High | Unreviewed | CVE-2024-23678 was published Jan 22, 2024

Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a...
High | Unreviewed | CVE-2023-29495 was published Jan 19, 2024

Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a...
High | Unreviewed | CVE-2023-42766 was published Jan 19, 2024

Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a...
High | Unreviewed | CVE-2023-28743 was published Jan 19, 2024

Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to...
High | Unreviewed | CVE-2023-38587 was published Jan 19, 2024

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a...
High | Unreviewed | CVE-2023-28738 was published Jan 19, 2024

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11),...
High | Unreviewed | CVE-2024-0396 was published Jan 17, 2024

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal...
High | Unreviewed | CVE-2023-5097 was published Jan 16, 2024

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42137 was published Jan 15, 2024

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High | Unreviewed | CVE-2023-4818 was published Jan 15, 2024

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout...
High | Unreviewed | CVE-2023-31035 was published Jan 12, 2024

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39...
High | Unreviewed | CVE-2023-6735 was published Jan 12, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing...
High | Unreviewed | CVE-2023-42826 was published Jan 11, 2024

.NET Framework Denial of Service Vulnerability
High | Unreviewed | CVE-2024-21312 was published Jan 9, 2024

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected...
High | Unreviewed | CVE-2023-49252 was published Jan 9, 2024

Apache Axis Improper Input Validation vulnerability
High | CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024

Froxlor username/surname AND company field Bypass
High | CVE-2023-50256 was published for froxlor/froxlor (Composer) Jan 4, 2024

PrestaShop some attribute not escaped in Validate::isCleanHTML method
High | CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui ...
High | Unreviewed | CVE-2023-46929 was published Jan 3, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the...
High | Unreviewed | CVE-2023-49551 was published Jan 3, 2024

Potential Actions command injection in output filenames (GHSL-2023-275)
High | CVE-2023-52137 was published for tj-actions/verify-changed-files (GitHub Actions) Jan 2, 2024

ProTip! Advisories are also available from the GraphQL API