Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,682
Maven
5,000+
npm
5,000+
NuGet
933
pip
4,914
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

110 advisories

Loading
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability.... Moderate Unreviewed
CVE-2023-39481 was published May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents... Moderate Unreviewed
CVE-2024-3386 was published Apr 10, 2024
The console may experience a service interruption when processing file names with invalid... Low Unreviewed
CVE-2023-45715 was published Mar 28, 2024
When a protocol selection parameter option disables all protocols without adding any then the... Low Unreviewed
CVE-2024-2004 was published Mar 27, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n Credited to a-zara-n
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an... High Unreviewed
CVE-2024-28054 was published Mar 18, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to... Moderate Unreviewed
CVE-2023-50327 was published Feb 2, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave Credited to divergentdave
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker... High Unreviewed
CVE-2023-40718 was published Oct 10, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted... Moderate Unreviewed
CVE-2023-29406 was published Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions... High Unreviewed
CVE-2023-32708 was published Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48471 was published Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of... High Unreviewed
CVE-2022-48473 was published Jun 16, 2023
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych Credited to devanych
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm Credited to Nyholm, TimWolla, and GrahamCampbell TimWolla TimWolla
GrahamCampbell GrahamCampbell
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell Credited to GrahamCampbell, akrabat, and williamdes akrabat akrabat
williamdes williamdes
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131 Credited to MarkLee131
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the... Moderate Unreviewed
CVE-2023-22998 was published Feb 28, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful... High Unreviewed
CVE-2022-48230 was published Feb 27, 2023
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful... High Unreviewed
CVE-2022-48261 was published Feb 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database