Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
Some API functions allow interaction with the registry, which includes reading values as well as... Critical Unreviewed
CVE-2021-38453 was published May 24, 2022
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior... High Unreviewed
CVE-2023-4704 was published Sep 1, 2023
in-toto vulnerable to Configuration Read From Local Directory Moderate
CVE-2023-32076 was published for in-toto (pip) May 11, 2023
Micronaut management endpoints vulnerable to drive-by localhost attack Moderate
CVE-2024-23639 was published for io.micronaut:micronaut-http-server (Maven) Feb 9, 2024
Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump... High Unreviewed
CVE-2023-32349 was published Jul 6, 2023
A vulnerability exists by allowing low-privileged users to read and update the data in various... High Unreviewed
CVE-2023-3321 was published Jul 24, 2023
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute... Critical Unreviewed
CVE-2024-4326 was published May 16, 2024
Unauthorized startup vulnerability of background apps. Successful exploitation of this... Moderate Unreviewed
CVE-2023-46764 was published Nov 8, 2023
mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed,... Moderate Unreviewed
CVE-2023-43323 was published Sep 28, 2023
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
Credited to ryanhalliday
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the... High Unreviewed
CVE-2024-50358 was published Nov 26, 2024
Information Disclosure vulnerabilities allow access to application configuration information. ... High Unreviewed
CVE-2024-51543 was published Dec 5, 2024
Service Control vulnerabilities allow access to service restart requests and vm configuration... High Unreviewed
CVE-2024-51544 was published Dec 5, 2024
Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability... High Unreviewed
CVE-2024-54097 was published Dec 12, 2024
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink... Critical Unreviewed
CVE-2024-39602 was published Jan 14, 2025
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of... Critical Unreviewed
CVE-2024-39280 was published Jan 14, 2025
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup()... Critical Unreviewed
CVE-2024-38666 was published Jan 14, 2025
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker... High Unreviewed
CVE-2024-11166 was published Jan 22, 2025
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process... High Unreviewed
CVE-2024-1488 was published Feb 15, 2024
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender... High Unreviewed
CVE-2023-6154 was published Apr 1, 2024
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change... High Unreviewed
CVE-2025-0425 was published Feb 18, 2025
Unauthenticated attackers can send configuration settings to device and possible perform physical... Moderate Unreviewed
CVE-2025-30512 was published Apr 16, 2025
The security module has configuration defects.Successful exploitation of this vulnerability may... High Unreviewed
CVE-2022-41582 was published Oct 14, 2022
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the... Low Unreviewed
CVE-2025-27889 was published Jul 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database