Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a... Moderate Unreviewed
CVE-2024-34397 was published May 7, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR... Moderate Unreviewed
CVE-2024-31802 was published Jun 27, 2024
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. Moderate Unreviewed
CVE-2024-39337 was published Jun 24, 2024
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to... Moderate Unreviewed
CVE-2024-36588 was published Jun 13, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be... Moderate Unreviewed
CVE-2024-9391 was published Oct 1, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS... Moderate Unreviewed
CVE-2023-42889 was published Feb 21, 2024
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend... Moderate Unreviewed
CVE-2023-29147 was published Jun 30, 2023
The incorrect domain may have been displayed in the address bar during an interrupted navigation... Moderate Unreviewed
CVE-2024-11701 was published Nov 26, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to... Moderate Unreviewed
CVE-2024-11692 was published Nov 26, 2024
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a... Moderate Unreviewed
CVE-2023-27199 was published Jul 5, 2023
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows... Moderate Unreviewed
CVE-2023-41133 was published Dec 13, 2024
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may... Moderate Unreviewed
CVE-2023-34157 was published Jun 16, 2023
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing... Moderate Unreviewed
CVE-2024-55232 was published Dec 19, 2024
Windows NTLM Spoofing Vulnerability. Moderate Unreviewed
CVE-2022-35770 was published Oct 12, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions... Moderate Unreviewed
CVE-2023-2001 was published Jun 7, 2023
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction... Moderate Unreviewed
CVE-2022-22364 was published May 3, 2024
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a... Moderate Unreviewed
CVE-2025-0439 was published Jan 15, 2025
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83... Moderate Unreviewed
CVE-2025-0440 was published Jan 15, 2025
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote... Moderate Unreviewed
CVE-2025-0442 was published Jan 15, 2025
Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity... Moderate Unreviewed
CVE-2025-24628 was published Jan 27, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1... Moderate Unreviewed
CVE-2024-36557 was published Feb 6, 2025
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database