GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This...
High
Unreviewed
CVE-2023-27363
was published
May 3, 2024
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2023-27365
was published
May 3, 2024
Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2023-27364
was published
May 3, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to...
Moderate
Unreviewed
CVE-2024-27261
was published
Apr 12, 2024
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU...
High
Unreviewed
CVE-2023-49074
was published
Apr 9, 2024
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication...
Critical
Unreviewed
CVE-2023-51573
was published
Apr 2, 2024
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain...
Moderate
Unreviewed
CVE-2024-29880
was published
Mar 21, 2024
LangChain Experimental vulnerable to arbitrary code execution
Critical
CVE-2024-27444
was published
for
langchain-experimental
(pip)
Feb 26, 2024
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an...
Critical
Unreviewed
CVE-2024-25675
was published
Feb 9, 2024
An attacker could potentially exploit this vulnerability, leading to the ability to modify files...
Critical
Unreviewed
CVE-2023-5389
was published
Jan 30, 2024
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an...
Critical
Unreviewed
CVE-2023-39226
was published
Dec 1, 2023
When user authentication is not enabled the shell can execute commands with the highest...
Critical
Unreviewed
CVE-2023-40151
was published
Nov 21, 2023
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
Critical
Unreviewed
CVE-2023-42494
was published
Oct 25, 2023
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
High
Unreviewed
CVE-2023-3655
was published
Oct 3, 2023
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to...
Critical
Unreviewed
CVE-2023-3656
was published
Oct 3, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23845
was published
Sep 14, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23840
was published
Sep 14, 2023
?The affected product does not perform an authentication check and performs some dangerous...
Critical
Unreviewed
CVE-2023-40150
was published
Sep 11, 2023
Govee Home app has unprotected access to WebView component which can be opened by any app on the...
High
Unreviewed
CVE-2023-3612
was published
Sep 11, 2023
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated...
High
Unreviewed
CVE-2023-39214
was published
Aug 9, 2023
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a...
High
Unreviewed
CVE-2023-36853
was published
Jul 20, 2023
ProTip!
Advisories are also available from the
GraphQL API