GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
380 advisories
Filter by severity
On Windows systems, the Arc configuration files resulted to be world-readable.
This can lead...
Moderate
Unreviewed
CVE-2023-5937
was published
May 15, 2024
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect...
Moderate
Unreviewed
CVE-2024-41970
was published
Nov 18, 2024
Permission control vulnerability in the Bluetooth module.
Impact: Successful exploitation of this...
Moderate
Unreviewed
CVE-2023-52554
was published
Apr 8, 2024
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network...
Moderate
Unreviewed
CVE-2024-37087
was published
Jun 25, 2024
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote...
Moderate
Unreviewed
CVE-2022-36800
was published
Aug 4, 2022
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in...
Moderate
Unreviewed
CVE-2023-5136
was published
Nov 8, 2023
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag...
Moderate
Unreviewed
CVE-2024-6739
was published
Jul 15, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could...
Moderate
Unreviewed
CVE-2024-6360
was published
Oct 2, 2024
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to...
Moderate
Unreviewed
CVE-2024-25645
was published
Mar 12, 2024
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access...
Moderate
Unreviewed
CVE-2024-25644
was published
Mar 12, 2024
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL...
Moderate
Unreviewed
CVE-2024-24740
was published
Feb 13, 2024
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions...
Moderate
Unreviewed
CVE-2024-28163
was published
Mar 12, 2024
Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and...
Moderate
Unreviewed
CVE-2024-29964
was published
Apr 19, 2024
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before...
Moderate
Unreviewed
CVE-2024-25561
was published
Aug 14, 2024
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before...
Moderate
Unreviewed
CVE-2024-23908
was published
Aug 14, 2024
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local...
Moderate
Unreviewed
CVE-2023-49582
was published
Aug 26, 2024
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0,...
Moderate
Unreviewed
CVE-2022-43915
was published
Aug 24, 2024
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat...
Moderate
Unreviewed
CVE-2024-7986
was published
Aug 23, 2024
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows...
Moderate
Unreviewed
CVE-2024-5915
was published
Aug 14, 2024
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software...
Moderate
Unreviewed
CVE-2022-41700
was published
Nov 14, 2023
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1)....
Moderate
Unreviewed
CVE-2024-39875
was published
Jul 9, 2024
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and...
Moderate
Unreviewed
CVE-2021-3557
was published
Feb 17, 2022
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for...
Moderate
Unreviewed
CVE-2024-41685
was published
Jul 26, 2024
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows...
Moderate
Unreviewed
CVE-2024-28589
was published
Apr 3, 2024
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2024-20456
was published
Jul 10, 2024
ProTip!
Advisories are also available from the
GraphQL API