Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

134 advisories

Loading
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may... Moderate Unreviewed
CVE-2023-34157 was published Jun 16, 2023
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows... Moderate Unreviewed
CVE-2023-41133 was published Dec 13, 2024
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a... Moderate Unreviewed
CVE-2023-27199 was published Jul 5, 2023
An attacker could cause a select dropdown to be shown over another tab; this could have led to... Moderate Unreviewed
CVE-2024-11692 was published Nov 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation... Moderate Unreviewed
CVE-2024-11701 was published Nov 26, 2024
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend... Moderate Unreviewed
CVE-2023-29147 was published Jun 30, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS... Moderate Unreviewed
CVE-2023-42889 was published Feb 21, 2024
A user who enables full-screen mode on a specially crafted web page could potentially be... Moderate Unreviewed
CVE-2024-9391 was published Oct 1, 2024
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to... Moderate Unreviewed
CVE-2024-36588 was published Jun 13, 2024
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. Moderate Unreviewed
CVE-2024-39337 was published Jun 24, 2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR... Moderate Unreviewed
CVE-2024-31802 was published Jun 27, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a... Moderate Unreviewed
CVE-2024-34397 was published May 7, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6... Moderate Unreviewed
CVE-2024-39341 was published Sep 23, 2024
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an... Moderate Unreviewed
CVE-2024-23558 was published Apr 15, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A... Moderate Unreviewed
CVE-2024-27853 was published Jul 30, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements... Moderate Unreviewed
CVE-2024-8386 was published Sep 3, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening... Moderate Unreviewed
CVE-2024-49214 was published Oct 14, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ... Moderate Unreviewed
CVE-2024-20384 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20297 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20299 was published Oct 23, 2024
Azure Active Directory Pod Identity Spoofing Vulnerability Moderate Unreviewed
CVE-2021-1677 was published May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions... Moderate Unreviewed
CVE-2024-1347 was published Apr 25, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting... Moderate Unreviewed
CVE-2024-35539 was published Aug 19, 2024
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows... Moderate Unreviewed
CVE-2024-35538 was published Aug 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database