Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

172 advisories

Loading
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute... Moderate Unreviewed
CVE-2024-6079 was published Aug 13, 2024
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been... Moderate Unreviewed
CVE-2024-7911 was published Aug 18, 2024
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code... High Unreviewed
CVE-2024-45826 was published Sep 12, 2024
Local privilege escalation during installation due to improper soft link handling. The following... High Unreviewed
CVE-2022-46869 was published Aug 31, 2023
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Moderate
CVE-2024-7625 was published for github.com/hashicorp/nomad (Go) Aug 15, 2024
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed
CVE-2023-5716 was published Jan 19, 2024
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This... Moderate Unreviewed
CVE-2024-5823 was published Oct 29, 2024
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a... High Unreviewed
CVE-2024-31319 was published Jul 9, 2024
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-30190 was published Jun 2, 2022
A externally controlled reference to a resource in another sphere in Fortinet FortiManager before... Moderate Unreviewed
CVE-2022-23439 was published Jan 22, 2025
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender... High Unreviewed
CVE-2023-6154 was published Apr 1, 2024
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database... High Unreviewed
CVE-2024-10979 was published Nov 14, 2024
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an... High Unreviewed
CVE-2025-0111 was published Feb 12, 2025
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a... High Unreviewed
CVE-2023-20964 was published Mar 24, 2023
There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a... High Unreviewed
CVE-2024-51961 was published Mar 3, 2025
A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4.... Moderate Unreviewed
CVE-2025-2365 was published Mar 17, 2025
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4... Moderate Unreviewed
CVE-2025-3241 was published Apr 4, 2025
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not... Moderate Unreviewed
CVE-2024-13177 was published Apr 15, 2025
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve... Moderate Unreviewed
CVE-2022-20515 was published Dec 20, 2022
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a... High Unreviewed
CVE-2022-20550 was published Dec 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database