GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,384 advisories
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a...
Critical | Unreviewed | CVE-2024-3029 was published Apr 16, 2024
A specific malformed fragmented packet type (fragmented packets may be generated automatically...
High | Unreviewed | CVE-2024-3493 was published Apr 16, 2024
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the...
High | Unreviewed | CVE-2024-2424 was published Apr 16, 2024
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper...
High | Unreviewed | CVE-2024-29838 was published Apr 15, 2024
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of...
Moderate | Unreviewed | CVE-2024-21590 was published Apr 12, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
Critical | Unreviewed | CVE-2024-3400 was published Apr 12, 2024
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with...
Moderate | Unreviewed | CVE-2024-1481 was published Apr 10, 2024
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to...
Moderate | Unreviewed | CVE-2024-3101 was published Apr 10, 2024
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to...
High | Unreviewed | CVE-2024-3385 was published Apr 10, 2024
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input...
High | Unreviewed | CVE-2024-0218 was published Apr 10, 2024
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an...
Critical | Unreviewed | CVE-2024-20758 was published Apr 10, 2024
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the...
Unknown | Unreviewed | CVE-2024-31309 was published Apr 10, 2024
mysql2 cache poisoning vulnerability
Moderate | CVE-2024-21507 was published for mysql2 (npm) Apr 10, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Moderate | CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Windows rndismp6.sys Remote Code Execution Vulnerability
Moderate | Unreviewed | CVE-2024-26253 was published Apr 9, 2024
Secure Boot Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2024-26240 was published Apr 9, 2024
Secure Boot Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2024-28897 was published Apr 9, 2024
Secure Boot Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2024-26189 was published Apr 9, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate | CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin: Denial of service with invalid notebook name
Moderate | CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate | CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate | CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this...
Unknown | Unreviewed | CVE-2023-52385 was published Apr 8, 2024
Input verification vulnerability in the log module. Impact: Successful exploitation of this...
Unknown | Unreviewed | CVE-2024-27896 was published Apr 8, 2024
ProTip! Advisories are also available from the GraphQL API.