Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

4,769 advisories

Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
A vulnerability in the web-based management interface of Cisco Finesse could allow an... Moderate Unreviewed
CVE-2024-20405 was published Jun 5, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6... Moderate Unreviewed
CVE-2024-23669 was published Jun 5, 2024
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
Moodle ReCAPTCHA can be bypassed on the login page Moderate
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Moodle broken access control when setting calendar event type Moderate
CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information... Moderate Unreviewed
CVE-2024-22338 was published May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login Moderate
GHSA-jqr8-q455-xx45 was published for typo3/cms (Composer) May 30, 2024
Symfony has unsafe methods in the Request class Moderate
CVE-2015-2309 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony has a security issue when parsing the Authorization header Moderate
CVE-2014-6061 was published for symfony/http-foundation (Composer) May 30, 2024
silverstripe/framework uploaded PHP script execution in assets Moderate
GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) May 27, 2024
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may... Moderate Unreviewed
CVE-2024-22390 was published May 16, 2024
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an... Moderate Unreviewed
CVE-2024-22015 was published May 16, 2024
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before... Moderate Unreviewed
CVE-2023-47210 was published May 16, 2024
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated... Moderate Unreviewed
CVE-2023-48368 was published May 16, 2024
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may... Moderate Unreviewed
CVE-2023-47855 was published May 16, 2024
Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board... Moderate Unreviewed
CVE-2023-22662 was published May 16, 2024
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20... Moderate Unreviewed
CVE-2023-38417 was published May 16, 2024
Laravel Guard bypass in Eloquent models Moderate
GHSA-44pg-c29v-hp6r was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-rj3w-99gc-8j58 was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-cc2w-ghc5-m5qr was published for illuminate/database (Composer) May 15, 2024
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated,... Moderate Unreviewed
CVE-2024-20394 was published May 15, 2024
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The... Moderate Unreviewed
CVE-2024-3488 was published May 15, 2024
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7... Moderate Unreviewed
CVE-2024-2248 was published May 15, 2024
Grafana Email addresses and usernames can not be trusted Moderate
CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API