GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Moderate
CVE-2024-40767
was published
for
Nova
(pip)
Jul 24, 2024
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature...
Moderate
Unreviewed
CVE-2019-18792
was published
May 24, 2022
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions...
Moderate
Unreviewed
CVE-2024-45097
was published
Sep 5, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security...
Moderate
Unreviewed
CVE-2024-20293
was published
May 22, 2024
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability....
Moderate
Unreviewed
CVE-2023-39481
was published
May 3, 2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents...
Moderate
Unreviewed
CVE-2024-3386
was published
Apr 10, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to...
Moderate
Unreviewed
CVE-2023-50327
was published
Feb 2, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Moderate
CVE-2024-24753
was published
for
bref/bref
(Composer)
Feb 1, 2024
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or...
Moderate
Unreviewed
CVE-2023-48256
was published
Jan 10, 2024
Improper header name validation in guzzlehttp/psr7
Moderate
CVE-2023-29197
was published
for
guzzlehttp/psr7
(Composer)
Apr 19, 2023
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted...
Moderate
Unreviewed
CVE-2023-29406
was published
Jul 11, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Insecure header validation in slim/psr7
Moderate
CVE-2023-30536
was published
for
slim/psr7
(Composer)
Apr 18, 2023
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
Ethereum Contains Consensus Flaw During Block Processing
Moderate
CVE-2021-39137
was published
for
github.com/ethereum/go-ethereum
(Go)
Aug 30, 2021
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2020-3564
was published
May 24, 2022
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,...
Moderate
Unreviewed
CVE-2022-38115
was published
Nov 23, 2022
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP...
Moderate
Unreviewed
CVE-2019-19089
was published
May 24, 2022
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the...
Moderate
Unreviewed
CVE-2023-22998
was published
Feb 28, 2023
Improper Input Validation in nyholm/psr7
Moderate
GHSA-wjfc-pgfp-pv9c
was published
for
nyholm/psr7
(Composer)
Apr 21, 2023
Improper header validation in httpsoft/http-message
Moderate
GHSA-9jxr-mwpp-w643
was published
for
httpsoft/http-message
(Composer)
Apr 21, 2023
ProTip!
Advisories are also available from the
GraphQL API