Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

296 advisories

Loading
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are... High Unreviewed
CVE-2024-39420 was published Aug 14, 2024
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online... High Unreviewed
CVE-2024-27114 was published Sep 11, 2024
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password... High Unreviewed
CVE-2024-39894 was published Jul 2, 2024
B2 Command Line Tool TOCTOU application key disclosure Moderate
CVE-2022-23653 was published for b2 (pip) Feb 24, 2022
janschejbal
b2-sdk-python TOCTOU application key disclosure Moderate
CVE-2022-23651 was published for b2sdk (pip) Feb 24, 2022
janschejbal
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between... High Unreviewed
CVE-2024-43882 was published Aug 21, 2024
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted... High Unreviewed
CVE-2022-23084 was published Feb 15, 2024
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP... High Unreviewed
CVE-2022-27540 was published Jun 29, 2024
There is a race condition in the 'replaced executable' detection that, with the correct local... High Unreviewed
CVE-2021-3899 was published Jun 3, 2024
Microsoft Outlook Security Feature Bypass Vulnerability High Unreviewed
CVE-2023-35311 was published Jul 11, 2023
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are... High Unreviewed
CVE-2024-39425 was published Aug 14, 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38186 was published Aug 13, 2024
Windows Kernel Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38153 was published Aug 13, 2024
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object... High Unreviewed
CVE-2024-7348 was published Aug 8, 2024
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
Apache StreamPipes potentially allows creation of multiple identical accounts Moderate
CVE-2024-30471 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an... Moderate Unreviewed
CVE-2024-39826 was published Jul 15, 2024
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may... High Unreviewed
CVE-2024-27238 was published Jul 15, 2024
Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows... Moderate Unreviewed
CVE-2024-39821 was published Jul 15, 2024
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x... High Unreviewed
CVE-2024-39936 was published Jul 4, 2024
OpenStack Storlets arbitrary code execution vulnerability High
CVE-2024-28717 was published for storlets (pip) Apr 22, 2024
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service... High Unreviewed
CVE-2024-36304 was published Jun 11, 2024
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180... High Unreviewed
CVE-2024-29149 was published May 7, 2024
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows... High Unreviewed
CVE-2024-24993 was published Apr 19, 2024
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows... High Unreviewed
CVE-2024-24995 was published Apr 19, 2024
ProTip! Advisories are also available from the GraphQL API