GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 39
  GitHub Actions: 38
  Go: 2,636
  Maven: 5,000+
  npm: 4,262
  NuGet: 760
  pip: 4,057
  Pub: 12
  RubyGems: 956
  Rust: 1,054
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
11,575 advisories
An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode...
High | Unreviewed | CVE-2020-27339 was published May 24, 2022

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with...
Moderate | Unreviewed | CVE-2024-1481 was published Apr 10, 2024

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the...
High | Unreviewed | CVE-2024-31309 was published Apr 10, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14...
High | Unreviewed | CVE-2024-23294 was published Mar 8, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14...
High | Unreviewed | CVE-2024-23246 was published Mar 8, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing...
High | Unreviewed | CVE-2023-42826 was published Jan 11, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and...
Moderate | Unreviewed | CVE-2025-43427 was published Nov 4, 2025

This issue was addressed through improved state management. This issue is fixed in Safari 26.1,...
Moderate | Unreviewed | CVE-2025-43430 was published Nov 4, 2025

A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2,...
Moderate | Unreviewed | CVE-2025-43348 was published Nov 4, 2025

Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may...
Moderate | Unreviewed | CVE-2023-32633 was published Mar 14, 2024

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site...
Moderate | Unreviewed | CVE-2022-31629 was published Sep 29, 2022

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script ...
High | Unreviewed | CVE-2012-1823 was published May 14, 2022

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute...
Critical | Unreviewed | CVE-2016-7406 was published May 17, 2022

Follow Redirects improperly handles URLs in the url.parse() function
Moderate | CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024

GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical | CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-43472 was published Nov 4, 2025

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-43401 was published Nov 4, 2025

The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS...
High | Unreviewed | CVE-2025-43372 was published Sep 16, 2025

A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS...
High | Unreviewed | CVE-2025-30471 was published Apr 1, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS...
Critical | Unreviewed | CVE-2025-30452 was published Apr 1, 2025

A file access issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-24255 was published Apr 1, 2025

ingress-nginx controller - auth secret file path traversal vulnerability
Moderate | CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025

ingress-nginx controller - configuration injection via unsanitized auth-url annotation
High | CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025

A vulnerability has been identified in Omnivise T3000 Application Server (All versions). The...
High | Unreviewed | CVE-2024-38879 was published Aug 2, 2024

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to...
High | Unreviewed | CVE-2024-39573 was published Jul 1, 2024

ProTip! Advisories are also available from the GraphQL API.