GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,950
  Erlang: 39
  GitHub Actions: 38
  Go: 2,603
  Maven: 5,000+
  npm: 4,250
  NuGet: 755
  pip: 4,013
  Pub: 12
  RubyGems: 953
  Rust: 1,048
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+

515 advisories

IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability...
Severity: High • Unreviewed • CVE-2024-11507 was published Nov 22, 2024

IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability...
Severity: High • Unreviewed • CVE-2024-11508 was published Nov 22, 2024

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to...
Severity: Critical • Unreviewed • CVE-2018-9471 was published Nov 20, 2024

Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-11395 was published Nov 19, 2024

In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of...
Severity: High • Unreviewed • CVE-2018-9339 was published Nov 19, 2024

Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability
Severity: Critical • GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 • withdrawn

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to...
Severity: Moderate • Unreviewed • CVE-2024-20106 was published Nov 4, 2024

Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-10230 was published Oct 23, 2024

Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-10231 was published Oct 23, 2024

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return...
Severity: High • Unreviewed • CVE-2024-49860 was published Oct 21, 2024

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity: Moderate • Unreviewed • CVE-2024-43596 was published Oct 18, 2024

Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker...
Severity: High • Unreviewed • CVE-2024-9859 was published Oct 11, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-9603 was published Oct 9, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-9602 was published Oct 9, 2024

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot...
Severity: Moderate • Unreviewed • CVE-2024-7825 was published Oct 3, 2024

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot...
Severity: Moderate • Unreviewed • CVE-2024-7824 was published Oct 3, 2024

Jenkins item creation restriction bypass vulnerability
Severity: Moderate • CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform...
Severity: High • Unreviewed • CVE-2024-9122 was published Sep 25, 2024

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity: Moderate • Unreviewed • CVE-2024-43489 was published Sep 19, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-8904 was published Sep 17, 2024

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are...
Severity: High • Unreviewed • CVE-2024-45112 was published Sep 13, 2024

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to...
Severity: High • Unreviewed • CVE-2024-8638 was published Sep 11, 2024

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server...
Severity: High • Unreviewed • CVE-2024-6119 was published Sep 3, 2024

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an...
Severity: Critical • Unreviewed • CVE-2024-8385 was published Sep 3, 2024

A potentially exploitable type confusion could be triggered when looking up a property name on an...
Severity: Critical • Unreviewed • CVE-2024-8381 was published Sep 3, 2024

ProTip! Advisories are also available from the GraphQL API