Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where... Low Unreviewed
CVE-2020-10751 was published May 24, 2022
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability Moderate
CVE-2023-5548 was published for moodle/moodle (Composer) Nov 9, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode... Moderate Unreviewed
CVE-2023-51655 was published Dec 21, 2023
Symfony HTTP Foundation web cache poisoning Moderate
CVE-2018-14773 was published for symfony/http-foundation (Composer) May 13, 2022
llupa
Credited to llupa
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may... Critical Unreviewed
CVE-2019-9535 was published May 24, 2022
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed
CVE-2023-3749 was published Aug 3, 2023
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk
Credited to Arusekk
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2024-21094 was published Apr 17, 2024
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5... Moderate Unreviewed
CVE-2024-3367 was published Apr 16, 2024
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum schanzen
milux levpachmanov
Credited to bellebaum, schanzen, milux, and levpachmanov
Django Vulnerable to Cache Poisoning High
CVE-2011-4139 was published for Django (pip) May 14, 2022
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via... Moderate Unreviewed
CVE-2024-52555 was published Nov 15, 2024
Django Vulnerable to Cache Poisoning Critical
CVE-2014-1418 was published for Django (pip) May 17, 2022
sunSUNQ
Credited to sunSUNQ
Artifact poisoning vulnerability in action-download-artifact v5 and earlier High
GHSA-5xr6-xhww-33m4 was published for dawidd6/action-download-artifact (GitHub Actions) Nov 25, 2024
woodruffw
Credited to woodruffw
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson sirosen
Credited to sethmlarson and sirosen
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... High Unreviewed
CVE-2023-44317 was published Nov 14, 2023
Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4... High Unreviewed
CVE-2024-41924 was published Jul 30, 2024
Nuxt allows DOS via cache poisoning with payload rendering response High
CVE-2025-27415 was published for nuxt (npm) Mar 19, 2025
cold-try
Credited to cold-try
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed
CVE-2024-27185 was published Aug 20, 2024
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2025-29816 was published Apr 8, 2025
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized... High Unreviewed
CVE-2025-29842 was published May 13, 2025
A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated,... Moderate Unreviewed
CVE-2025-20255 was published May 21, 2025
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an... Moderate Unreviewed
CVE-2025-48804 was published Jul 8, 2025
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be... High Unreviewed
CVE-2025-40776 was published Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database