Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31253 was published May 13, 2025
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed
CVE-2025-2517 was published Apr 21, 2025
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
Suspended Directus user can continue to use session token to access API Low
CVE-2025-30351 was published for directus (npm) Mar 26, 2025
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A... Moderate Unreviewed
CVE-2025-21117 was published Feb 5, 2025
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7... High Unreviewed
CVE-2024-47571 was published Jan 14, 2025
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
rohitkoul
UAF vulnerability in the device node access module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-56434 was published Jan 8, 2025
In the Linux kernel, the following vulnerability has been resolved: virtio_net: correct... Moderate Unreviewed
CVE-2024-56674 was published Dec 27, 2024
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible... Moderate Unreviewed
CVE-2024-49955 was published Oct 21, 2024
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused... Moderate Unreviewed
CVE-2024-49953 was published Oct 21, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
ZITADEL's Service Users Deactivation not Working High
CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
ZITADEL's User Grant Deactivation not Working High
CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause... High Unreviewed
CVE-2024-39792 was published Aug 14, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2024-31893 was published May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2024-31895 was published May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2024-31894 was published May 22, 2024
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release... Moderate Unreviewed
CVE-2024-4693 was published May 14, 2024
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid... High Unreviewed
CVE-2021-47069 was published Mar 2, 2024
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
ahukkanen ctrgrb
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has... Moderate Unreviewed
CVE-2018-25098 was published Feb 4, 2024
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry Moderate
CVE-2024-23332 was published for github.com/notaryproject/notation (Go) Jan 19, 2024
JustinCappos
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database