GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions...
Moderate
Unreviewed
CVE-2024-45097
was published
Sep 5, 2024
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Moderate
CVE-2024-40767
was published
for
Nova
(pip)
Jul 24, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and...
Critical
Unreviewed
CVE-2024-38428
was published
Jun 16, 2024
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security...
Moderate
Unreviewed
CVE-2024-20293
was published
May 22, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability....
Moderate
Unreviewed
CVE-2023-39481
was published
May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents...
Moderate
Unreviewed
CVE-2024-3386
was published
Apr 10, 2024
The console may experience a service interruption when processing file names with invalid...
Low
Unreviewed
CVE-2023-45715
was published
Mar 28, 2024
When a protocol selection parameter option disables all protocols without adding any then the...
Low
Unreviewed
CVE-2024-2004
was published
Mar 27, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to...
Moderate
Unreviewed
CVE-2023-50327
was published
Feb 2, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Low
CVE-2024-24754
was published
for
bref/bref
(Composer)
Feb 1, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Moderate
CVE-2024-24753
was published
for
bref/bref
(Composer)
Feb 1, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker...
High
Unreviewed
CVE-2023-40718
was published
Oct 10, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions...
High
Unreviewed
CVE-2023-32708
was published
Jul 6, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48471
was published
Jun 16, 2023
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of...
High
Unreviewed
CVE-2022-48473
was published
Jun 16, 2023
Improper Input Validation in nyholm/psr7
Moderate
GHSA-wjfc-pgfp-pv9c
was published
for
nyholm/psr7
(Composer)
Apr 21, 2023
Improper header validation in httpsoft/http-message
Moderate
GHSA-9jxr-mwpp-w643
was published
for
httpsoft/http-message
(Composer)
Apr 21, 2023
Improper header name validation in guzzlehttp/psr7
Moderate
CVE-2023-29197
was published
for
guzzlehttp/psr7
(Composer)
Apr 19, 2023
ProTip!
Advisories are also available from the
GraphQL API