Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,488
Maven
5,000+
npm
5,000+
NuGet
891
pip
4,743
Pub
13
RubyGems
1,032
Rust
1,227
Swift
53
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3... High Unreviewed
CVE-2023-3917 was published Sep 29, 2023
An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing... Moderate Unreviewed
CVE-2023-4522 was published Aug 30, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16... High Unreviewed
CVE-2023-3900 was published Aug 2, 2023
A URL parameter during login flow was vulnerable to injection. An attacker could insert a... Moderate Unreviewed
CVE-2023-28799 was published Jun 22, 2023
Kubelet vulnerable to bypass of seccomp profile enforcement Moderate
CVE-2023-2431 was published for k8s.io/kubernetes (Go) Jun 16, 2023
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple... Moderate Unreviewed
CVE-2023-2673 was published Jun 13, 2023
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1),... High Unreviewed
CVE-2021-44694 was published Dec 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All... High Unreviewed
CVE-2022-43723 was published Dec 13, 2022
phpCAS vulnerable to Service Hostname Discovery Exploitation High
CVE-2022-39369 was published for apereo/phpcas (Composer) Nov 1, 2022
Insufficient validation when decoding a Socket.IO packet Critical
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
darrachequesne Credited to darrachequesne and kurt-r2c kurt-r2c kurt-r2c
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c Credited to kurt-r2c
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4... Critical Unreviewed
CVE-2021-32024 was published Dec 14, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database