Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,723
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

198 advisories

Loading
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting... Moderate Unreviewed
CVE-2024-35539 was published Aug 19, 2024
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote... Moderate Unreviewed
CVE-2024-7981 was published Aug 21, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements... Moderate Unreviewed
CVE-2024-8386 was published Sep 3, 2024
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This... Moderate Unreviewed
CVE-2024-8399 was published Sep 3, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote... Moderate Unreviewed
CVE-2024-8908 was published Sep 17, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6... Moderate Unreviewed
CVE-2024-39341 was published Sep 23, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be... Moderate Unreviewed
CVE-2024-9391 was published Oct 1, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening... Moderate Unreviewed
CVE-2024-49214 was published Oct 14, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20297 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20299 was published Oct 23, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ... Moderate Unreviewed
CVE-2024-20384 was published Oct 23, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to... Moderate Unreviewed
CVE-2024-11692 was published Nov 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation... Moderate Unreviewed
CVE-2024-11701 was published Nov 26, 2024
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows... Moderate Unreviewed
CVE-2023-41133 was published Dec 13, 2024
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing... Moderate Unreviewed
CVE-2024-55232 was published Dec 19, 2024
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a... Moderate Unreviewed
CVE-2025-0446 was published Jan 15, 2025
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a... Moderate Unreviewed
CVE-2025-0439 was published Jan 15, 2025
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83... Moderate Unreviewed
CVE-2025-0435 was published Jan 15, 2025
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83... Moderate Unreviewed
CVE-2025-0440 was published Jan 15, 2025
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote... Moderate Unreviewed
CVE-2025-0442 was published Jan 15, 2025
Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity... Moderate Unreviewed
CVE-2025-24628 was published Jan 27, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1... Moderate Unreviewed
CVE-2024-36557 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database