Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10,603 advisories

Loading
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients... High Unreviewed
CVE-2024-7207 was published Sep 20, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right... High Unreviewed
CVE-2024-37406 was published Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify... Critical Unreviewed
CVE-2024-8889 was published Sep 18, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list Low
CVE-2024-45537 was published for org.apache.druid:druid (Maven) Sep 17, 2024
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Improper input validation in some Intel(R) RAID Web Console software all versions may allow an... Moderate Unreviewed
CVE-2024-34545 was published Sep 16, 2024
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged... High Unreviewed
CVE-2024-21781 was published Sep 16, 2024
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a... High Unreviewed
CVE-2024-21829 was published Sep 16, 2024
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged... High Unreviewed
CVE-2024-21871 was published Sep 16, 2024
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper... High Unreviewed
CVE-2024-44094 was published Sep 13, 2024
A denial-of-service vulnerability exists in the Rockwell Automation affected products when... High Unreviewed
CVE-2024-6077 was published Sep 12, 2024
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The... High Unreviewed
CVE-2024-45825 was published Sep 12, 2024
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS... High Unreviewed
CVE-2024-6658 was published Sep 12, 2024
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System... High Unreviewed
CVE-2024-20406 was published Sep 11, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38241 was published Sep 10, 2024
Windows Networking Denial of Service Vulnerability Moderate Unreviewed
CVE-2024-38234 was published Sep 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38244 was published Sep 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38243 was published Sep 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38245 was published Sep 10, 2024
Windows Remote Desktop Licensing Service Spoofing Vulnerability High Unreviewed
CVE-2024-43455 was published Sep 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-37965 was published Sep 10, 2024
PowerShell Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38046 was published Sep 10, 2024
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps... High Unreviewed
CVE-2024-38194 was published Sep 10, 2024
ProTip! Advisories are also available from the GraphQL API