Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

986 advisories

Loading
On Unix platforms, the Go runtime does not behave differently when a binary is run with the... High Unreviewed
CVE-2023-29403 was published Jun 8, 2023
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C,... Critical Unreviewed
CVE-2024-5660 was published Dec 10, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Low
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Low
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain... High Unreviewed
CVE-2024-43704 was published Nov 18, 2024
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-21964 was published Jan 12, 2022
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. Moderate Unreviewed
CVE-2022-21915 was published Jan 12, 2022
Windows GDI Information Disclosure Vulnerability. High Unreviewed
CVE-2022-21904 was published Jan 12, 2022
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915. High Unreviewed
CVE-2022-21880 was published Jan 12, 2022
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a... High Unreviewed
CVE-2024-24985 was published Nov 13, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP... Moderate Unreviewed
CVE-2023-2062 was published Jun 2, 2023
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote... Moderate Unreviewed
CVE-2022-4025 was published Jan 3, 2023
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
An improper access control vulnerability exists in GitLab Remote Development affecting all... Moderate Unreviewed
CVE-2023-6955 was published Jan 12, 2024
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29... Moderate Unreviewed
CVE-2023-1401 was published Jul 26, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10... Moderate Unreviewed
CVE-2023-1825 was published Jun 7, 2023
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated... High Unreviewed
CVE-2023-39214 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database