Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

131 advisories

Loading
An attacker could cause a select dropdown to be shown over another tab; this could have led to... Moderate Unreviewed
CVE-2024-11692 was published Nov 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation... Moderate Unreviewed
CVE-2024-11701 was published Nov 26, 2024
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend... Moderate Unreviewed
CVE-2023-29147 was published Jun 30, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS... Moderate Unreviewed
CVE-2023-42889 was published Feb 21, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be... Moderate Unreviewed
CVE-2024-9391 was published Oct 1, 2024
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to... Moderate Unreviewed
CVE-2024-36588 was published Jun 13, 2024
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. Moderate Unreviewed
CVE-2024-39337 was published Jun 24, 2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR... Moderate Unreviewed
CVE-2024-31802 was published Jun 27, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a... Moderate Unreviewed
CVE-2024-34397 was published May 7, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6... Moderate Unreviewed
CVE-2024-39341 was published Sep 23, 2024
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2024-23558 was published Apr 15, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A... Moderate Unreviewed
CVE-2024-27853 was published Jul 30, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements... Moderate Unreviewed
CVE-2024-8386 was published Sep 3, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening... Moderate Unreviewed
CVE-2024-49214 was published Oct 14, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ... Moderate Unreviewed
CVE-2024-20384 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20299 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20297 was published Oct 23, 2024
Azure Active Directory Pod Identity Spoofing Vulnerability Moderate Unreviewed
CVE-2021-1677 was published May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions... Moderate Unreviewed
CVE-2024-1347 was published Apr 25, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting... Moderate Unreviewed
CVE-2024-35539 was published Aug 19, 2024
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows... Moderate Unreviewed
CVE-2024-35538 was published Aug 19, 2024
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue... Moderate Unreviewed
CVE-2024-41432 was published Aug 7, 2024
Skype for Business and Lync Spoofing Vulnerability. Moderate Unreviewed
CVE-2022-26910 was published Apr 16, 2022
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2024-31784 was published Apr 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database