Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,432 advisories

Loading
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before... Low Unreviewed
CVE-2023-27307 was published Oct 10, 2024
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version... Low Unreviewed
CVE-2023-27303 was published Oct 10, 2024
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before... Low Unreviewed
CVE-2023-26592 was published Oct 10, 2024
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88... Low Unreviewed
CVE-2023-26591 was published Oct 10, 2024
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list Low
GHSA-26jh-r8g2-6fpr was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py Low
CVE-2024-6971 was published for lollms (pip) Oct 11, 2024
Race condition in zenml Low
CVE-2024-2032 was published for zenml (pip) Jun 6, 2024
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly Low
GHSA-vv6c-69r6-chg9 was published for github.com/landlock-lsm/go-landlock (Go) Oct 14, 2024
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not Low
CVE-2024-48909 was published for github.com/authzed/spicedb (Go) Oct 14, 2024
A dynamic search for a prerequisite library could allow the possibility for an attacker to... Low Unreviewed
CVE-2024-30117 was published Oct 15, 2024
Excessive attack surface in archive-server service due to binding to an unrestricted IP address.... Low Unreviewed
CVE-2024-49382 was published Oct 15, 2024
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address.... Low Unreviewed
CVE-2024-49384 was published Oct 15, 2024
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address.... Low Unreviewed
CVE-2024-49383 was published Oct 15, 2024
Sensitive information manipulation due to improper authorization. The following products are... Low Unreviewed
CVE-2024-49388 was published Oct 15, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). ... Low Unreviewed
CVE-2024-21243 was published Oct 15, 2024
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that... Low Unreviewed
CVE-2024-21242 was published Oct 15, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). ... Low Unreviewed
CVE-2024-21244 was published Oct 15, 2024
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and... Low Unreviewed
CVE-2024-21257 was published Oct 15, 2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication... Low Unreviewed
CVE-2024-21237 was published Oct 15, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Incorrect Provision of Specified Functionality in qutebrowser Low
CVE-2020-11054 was published for qutebrowser (pip) May 8, 2020
The-Compiler
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43687 was published Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43686 was published Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database