GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
234 advisories
Filter by severity
A vulnerability exists in the too permissive HTTP response header web server settings of the...
High
Unreviewed
CVE-2024-2377
was published
Apr 30, 2024
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
High
CVE-2024-1249
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Brocade
Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not
properly represent...
Moderate
Unreviewed
CVE-2023-5973
was published
Apr 5, 2024
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
Critical
Unreviewed
CVE-2021-47157
was published
Mar 18, 2024
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between...
Moderate
Unreviewed
CVE-2024-2182
was published
Mar 12, 2024
An unauthenticated remote attacker can perform a remote code execution due to an origin...
Moderate
Unreviewed
CVE-2024-25996
was published
Mar 12, 2024
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to...
Moderate
Unreviewed
CVE-2023-30996
was published
Feb 26, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High
CVE-2024-26135
was published
for
meshcentral
(npm)
Feb 21, 2024
An unauthenticated attacker can send a ping request from one network to another through an error...
Moderate
Unreviewed
CVE-2024-24782
was published
Feb 13, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker...
High
Unreviewed
CVE-2023-40547
was published
Jan 25, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote...
Moderate
Unreviewed
CVE-2024-0814
was published
Jan 24, 2024
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent...
High
Unreviewed
CVE-2023-47200
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47199
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47193
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47195
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47197
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47194
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47196
was published
Jan 23, 2024
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High
Unreviewed
CVE-2023-47198
was published
Jan 23, 2024
A phishing site could have repurposed an `about:` dialog to show phishing content with an...
Moderate
Unreviewed
CVE-2024-0749
was published
Jan 23, 2024
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2023-20275
was published
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API