Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This... High Unreviewed
CVE-2024-10465 was published Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This... High Unreviewed
CVE-2024-10462 was published Oct 29, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements... Moderate Unreviewed
CVE-2024-8386 was published Sep 3, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A... Moderate Unreviewed
CVE-2024-27853 was published Jul 30, 2024
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2024-23558 was published Apr 15, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6... Moderate Unreviewed
CVE-2024-39341 was published Sep 23, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is... High Unreviewed
CVE-2023-42843 was published Feb 21, 2024
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15... Critical Unreviewed
CVE-2024-23674 was published Feb 16, 2024
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of... Critical Unreviewed
CVE-2024-51504 was published Nov 7, 2024
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of... High Unreviewed
CVE-2024-8935 was published Nov 13, 2024
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a... Moderate Unreviewed
CVE-2024-34397 was published May 7, 2024
When opening a website using the `firefox://` protocol handler, SameSite cookies were not... High Unreviewed
CVE-2024-1555 was published Feb 20, 2024
Grafana Escalation from admin to server admin when auth proxy is used High
CVE-2022-35957 was published for github.com/grafana/grafana (Go) May 14, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR... Moderate Unreviewed
CVE-2024-31802 was published Jun 27, 2024
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. Moderate Unreviewed
CVE-2024-39337 was published Jun 24, 2024
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to... Moderate Unreviewed
CVE-2024-36588 was published Jun 13, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be... Moderate Unreviewed
CVE-2024-9391 was published Oct 1, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS... Moderate Unreviewed
CVE-2023-42889 was published Feb 21, 2024
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend... Moderate Unreviewed
CVE-2023-29147 was published Jun 30, 2023
The incorrect domain may have been displayed in the address bar during an interrupted navigation... Moderate Unreviewed
CVE-2024-11701 was published Nov 26, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to... Moderate Unreviewed
CVE-2024-11692 was published Nov 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database