GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,251
Erlang: 31
GitHub Actions: 21
Go: 2,018
Maven: 5,000+
npm: 3,725
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 861
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
236,420 advisories
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The...
Moderate | Unreviewed | CVE-2024-22085 was published Mar 20, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1,...
Moderate | Unreviewed | CVE-2023-42952 was published Feb 21, 2024

An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote...
High | Unreviewed | CVE-2024-51114 was published Dec 3, 2024

Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful...
Moderate | Unreviewed | CVE-2023-52357 was published Feb 18, 2024

A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees...
Moderate | Unreviewed | CVE-2023-49987 was published Mar 7, 2024

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
Low | Unreviewed | CVE-2024-23232 was published Mar 8, 2024

In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a...
High | Unreviewed | CVE-2018-9393 was published Dec 4, 2024

In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c,...
High | Unreviewed | CVE-2018-9392 was published Dec 4, 2024

Incorrect permission assignment in temporary access requests component in Devolutions Remote...
High | Unreviewed | CVE-2024-12149 was published Dec 4, 2024

Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary...
Moderate | Unreviewed | CVE-2024-22717 was published Apr 11, 2024

Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote...
Moderate | Unreviewed | CVE-2024-41624 was published Jul 29, 2024

app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when...
Moderate | Unreviewed | CVE-2024-54674 was published Dec 4, 2024

Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2024-52676 was published Dec 4, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1,...
Moderate | Unreviewed | CVE-2023-42953 was published Feb 21, 2024

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It...
Moderate | Unreviewed | CVE-2024-52943 was published Nov 18, 2024

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and...
Moderate | Unreviewed | CVE-2024-12148 was published Dec 4, 2024

app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the...
Moderate | Unreviewed | CVE-2024-54675 was published Dec 4, 2024

An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
High | Unreviewed | CVE-2024-50947 was published Dec 4, 2024

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0...
Moderate | Unreviewed | CVE-2024-12151 was published Dec 4, 2024

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4....
High | Unreviewed | CVE-2024-23233 was published Mar 8, 2024

JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in...
Unknown | Unreviewed | CVE-2024-53523 was published Dec 5, 2024

GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's...
Unknown | Unreviewed | CVE-2024-53589 was published Dec 5, 2024

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware...
Unknown | Unreviewed | CVE-2023-48010 was published Dec 5, 2024

DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console...
Unknown | Unreviewed | CVE-2024-41579 was published Dec 5, 2024

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir...
Moderate | Unreviewed | CVE-2024-10933 was published Dec 5, 2024

ProTip! Advisories are also available from the GraphQL API.