GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9,757 advisories
Filter by severity
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
Low
Unreviewed
CVE-2024-43808
was published
Aug 16, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion...
Low
Unreviewed
CVE-2024-7866
was published
Aug 15, 2024
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an...
Low
Unreviewed
CVE-2024-7868
was published
Aug 15, 2024
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow...
Low
Unreviewed
CVE-2024-7867
was published
Aug 15, 2024
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1...
Low
Unreviewed
CVE-2024-24973
was published
Aug 14, 2024
Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software...
Low
Unreviewed
CVE-2023-35061
was published
Aug 14, 2024
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and...
Low
Unreviewed
CVE-2022-45862
was published
Aug 13, 2024
Insufficient input validation in the ABL may allow a privileged
attacker with access to the BIOS...
Low
Unreviewed
CVE-2021-46772
was published
Aug 13, 2024
Improper input validation in SMU may allow an attacker with privileges and a compromised physical...
Low
Unreviewed
CVE-2023-31304
was published
Aug 13, 2024
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged...
Low
Unreviewed
CVE-2023-31307
was published
Aug 13, 2024
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)...
Low
Unreviewed
CVE-2023-31305
was published
Aug 13, 2024
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize...
Low
Unreviewed
CVE-2023-20513
was published
Aug 13, 2024
Insufficient access controls in ASP kernel may allow a
privileged attacker with access to AMD...
Low
Unreviewed
CVE-2021-26387
was published
Aug 13, 2024
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker...
Low
Unreviewed
CVE-2023-20518
was published
Aug 13, 2024
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid...
Low
Unreviewed
CVE-2023-31366
was published
Aug 13, 2024
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key,...
Low
Unreviewed
CVE-2023-20512
was published
Aug 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
Low
Unreviewed
CVE-2024-41907
was published
Aug 13, 2024
SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload...
Low
Unreviewed
CVE-2024-41731
was published
Aug 13, 2024
SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload...
Low
Unreviewed
CVE-2024-28166
was published
Aug 13, 2024
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made...
Low
Unreviewed
CVE-2024-6692
was published
Aug 12, 2024
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not...
Low
Unreviewed
CVE-2024-5445
was published
Aug 12, 2024
A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue...
Low
Unreviewed
CVE-2024-43167
was published
Aug 12, 2024
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due...
Low
Unreviewed
CVE-2024-22123
was published
Aug 12, 2024
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server"...
Low
Unreviewed
CVE-2024-22122
was published
Aug 12, 2024
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can...
Low
Unreviewed
CVE-2024-0102
was published
Aug 8, 2024
ProTip!
Advisories are also available from the
GraphQL API