GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
267 advisories
Filter by severity
When opening a website using the `firefox://` protocol handler, SameSite cookies were not...
High
Unreviewed
CVE-2024-1555
was published
Feb 20, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a...
Moderate
Unreviewed
CVE-2024-34397
was published
May 7, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of...
High
Unreviewed
CVE-2024-8935
was published
Nov 13, 2024
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of...
Critical
Unreviewed
CVE-2024-51504
was published
Nov 7, 2024
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15...
Critical
Unreviewed
CVE-2024-23674
was published
Feb 16, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6...
Moderate
Unreviewed
CVE-2024-39341
was published
Sep 23, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is...
High
Unreviewed
CVE-2023-42843
was published
Feb 21, 2024
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an...
Moderate
Unreviewed
CVE-2024-23558
was published
Apr 15, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A...
Moderate
Unreviewed
CVE-2024-27853
was published
Jul 30, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements...
Moderate
Unreviewed
CVE-2024-8386
was published
Sep 3, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This...
High
Unreviewed
CVE-2024-10465
was published
Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This...
High
Unreviewed
CVE-2024-10462
was published
Oct 29, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening...
Moderate
Unreviewed
CVE-2024-49214
was published
Oct 14, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ...
Moderate
Unreviewed
CVE-2024-20384
was published
Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2024-20299
was published
Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2024-20297
was published
Oct 23, 2024
pretix potential IP address spoofing vulnerability
Moderate
CVE-2023-44463
was published
for
pretix
(pip)
Oct 2, 2023
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,...
High
Unreviewed
CVE-2024-49193
was published
Oct 12, 2024
Azure Active Directory Pod Identity Spoofing Vulnerability
Moderate
Unreviewed
CVE-2021-1677
was published
May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect...
Low
Unreviewed
CVE-2024-45453
was published
Sep 23, 2024
Verification check bypass in Gate One
Moderate
CVE-2020-19003
was published
for
gateone
(pip)
Oct 12, 2021
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
ProTip!
Advisories are also available from the
GraphQL API