GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,869
Erlang: 29
GitHub Actions: 16
Go: 1,717
Maven: 4,951
npm: 3,480
NuGet: 605
pip: 3,026
Pub: 10
RubyGems: 832
Rust: 776
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
206 advisories
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client ...
High | Unreviewed | CVE-2024-28883 was published May 8, 2024

A vulnerability exists in the too permissive HTTP response header web server settings of the...
High | Unreviewed | CVE-2024-2377 was published Apr 30, 2024

Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
High | CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Keycloak path traversal vulnerability in the redirect validation
High | CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent...
Moderate | Unreviewed | CVE-2023-5973 was published Apr 5, 2024

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between...
Moderate | Unreviewed | CVE-2024-2182 was published Mar 12, 2024

An unauthenticated remote attacker can perform a remote code execution due to an origin...
Moderate | Unreviewed | CVE-2024-25996 was published Mar 12, 2024

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to...
Moderate | Unreviewed | CVE-2023-30996 was published Feb 26, 2024

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical | CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024

MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High | CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024

An unauthenticated attacker can send a ping request from one network to another through an error...
Moderate | Unreviewed | CVE-2024-24782 was published Feb 13, 2024

Classic builder cache poisoning
Moderate | CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker...
High | Unreviewed | CVE-2023-40547 was published Jan 25, 2024

Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High | CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote...
Moderate | Unreviewed | CVE-2024-0814 was published Jan 24, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47199 was published Jan 23, 2024

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent...
High | Unreviewed | CVE-2023-47200 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47196 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47197 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47195 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47193 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47198 was published Jan 23, 2024

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local...
High | Unreviewed | CVE-2023-47194 was published Jan 23, 2024

A phishing site could have repurposed an `about:` dialog to show phishing content with an...
Moderate | Unreviewed | CVE-2024-0749 was published Jan 23, 2024

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA)...
Moderate | Unreviewed | CVE-2023-20275 was published Dec 12, 2023
ProTip! Advisories are also available from the GraphQL API