GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Improper escaping in XWiki Platform
High
CVE-2020-13654
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Feb 9, 2022
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server...
High
Unreviewed
CVE-2024-4177
was published
Jun 6, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-27629
was published
Jun 29, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with...
High
Unreviewed
CVE-2024-38473
was published
Jul 1, 2024
Windows App Installer Spoofing Vulnerability
High
Unreviewed
CVE-2024-38177
was published
Aug 13, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible...
High
Unreviewed
CVE-2024-34739
was published
Aug 16, 2024
ansible-runner vulnerable to shell command injection
High
CVE-2021-4041
was published
for
ansible-runner
(pip)
Aug 25, 2022
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Vulnerability of input parameters being not strictly verified in the PMS module. Successful...
High
Unreviewed
CVE-2023-39386
was published
Aug 13, 2023
Vulnerability of input parameter verification in certain APIs in the window management module....
High
Unreviewed
CVE-2023-39390
was published
Aug 13, 2023
Input verification vulnerability in the storage module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39381
was published
Aug 13, 2023
Input verification vulnerability in the audio module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39382
was published
Aug 13, 2023
An unauthenticated local attacker can gain admin privileges by deploying a config file due to...
High
Unreviewed
CVE-2024-45271
was published
Oct 15, 2024
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers...
High
Unreviewed
CVE-2023-45539
was published
Nov 28, 2023
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
High
Unreviewed
CVE-2024-9348
was published
Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for...
High
Unreviewed
CVE-2024-45219
was published
Oct 16, 2024
ProTip!
Advisories are also available from the
GraphQL API