GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Denial of service in quinn-proto when using `Endpoint::retry()`
High
CVE-2024-45311
was published
for
quinn-proto
(Rust)
Sep 3, 2024
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the...
Unknown
Unreviewed
CVE-2024-5659
was published
Jun 14, 2024
there is a possible way to bypass due to a logic error in the code. This could lead to local...
High
Unreviewed
CVE-2024-32896
was published
Jun 13, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Contract balance not updating correctly after interchain transaction
High
CVE-2024-37153
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Requests `Session` object does not verify requests after making first request with verify=False
Moderate
CVE-2024-35195
was published
for
requests
(pip)
May 20, 2024
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Moderate
GHSA-6xch-2vxx-5pvr
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a...
Moderate
Unreviewed
CVE-2024-33431
was published
May 1, 2024
A malicious insider exploiting this vulnerability can circumvent existing security controls put...
Moderate
Unreviewed
CVE-2024-0313
was published
Mar 14, 2024
Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows...
High
Unreviewed
CVE-2023-31211
was published
Jan 12, 2024
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate
CVE-2023-49798
was published
for
@openzeppelin/contracts
(npm)
Dec 12, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Moderate
CVE-2023-41338
was published
for
github.com/gofiber/fiber
(Go)
Sep 8, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
High
CVE-2023-23623
was published
for
electron
(npm)
Sep 6, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
incorrect order of evaluation of side effects for some builtins
Moderate
CVE-2023-41052
was published
for
vyper
(pip)
Sep 4, 2023
Vyper: reversed order of side effects for some operations
Moderate
CVE-2023-40015
was published
for
vyper
(pip)
Sep 4, 2023
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before...
Moderate
Unreviewed
CVE-2023-28711
was published
Aug 11, 2023
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log
Moderate
CVE-2023-39152
was published
for
org.jenkins-ci.plugins:gradle
(Maven)
Jul 26, 2023
Vyper's nonpayable default functions are sometimes payable
Low
CVE-2023-32675
was published
for
vyper
(pip)
May 22, 2023
Incorrect success value returned in vyper
High
CVE-2023-30629
was published
for
vyper
(pip)
Apr 24, 2023
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source...
High
Unreviewed
CVE-2022-29607
was published
Apr 20, 2023
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the...
Moderate
Unreviewed
CVE-2022-29609
was published
Apr 20, 2023
An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of...
High
Unreviewed
CVE-2022-29605
was published
Apr 20, 2023
Memory corruption in modem due to improper input validation while handling the incoming CoAP message
Critical
Unreviewed
CVE-2022-25745
was published
Apr 13, 2023
ProTip!
Advisories are also available from the
GraphQL API