Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,222
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of... High Unreviewed
CVE-2024-8935 was published Nov 13, 2024
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of... Critical Unreviewed
CVE-2024-51504 was published Nov 7, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This... High Unreviewed
CVE-2024-10465 was published Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This... High Unreviewed
CVE-2024-10462 was published Oct 29, 2024
A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance ... Moderate Unreviewed
CVE-2024-20384 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20299 was published Oct 23, 2024
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software... Moderate Unreviewed
CVE-2024-20297 was published Oct 23, 2024
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening... Moderate Unreviewed
CVE-2024-49214 was published Oct 14, 2024
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,... High Unreviewed
CVE-2024-49193 was published Oct 12, 2024
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6... Moderate Unreviewed
CVE-2024-39341 was published Sep 23, 2024
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect... Low Unreviewed
CVE-2024-45453 was published Sep 23, 2024
CoreDNS Cache Poisoning via a birthday attack Low
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7... Critical Unreviewed
CVE-2024-6678 was published Sep 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the... High Unreviewed
CVE-2024-44104 was published Sep 10, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements... Moderate Unreviewed
CVE-2024-8386 was published Sep 3, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor... Moderate Unreviewed
CVE-2024-7745 was published Aug 28, 2024
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting... Moderate Unreviewed
CVE-2024-35539 was published Aug 19, 2024
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows... Moderate Unreviewed
CVE-2024-35538 was published Aug 19, 2024
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue... Moderate Unreviewed
CVE-2024-41432 was published Aug 7, 2024
Apache SeaTunnel Web Authentication vulnerability High
CVE-2023-48396 was published for org.apache.seatunnel:seatunnel-web (Maven) Jul 30, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A... Moderate Unreviewed
CVE-2024-27853 was published Jul 30, 2024
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In... High Unreviewed
CVE-2024-41107 was published Jul 19, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured... High Unreviewed
CVE-2023-40702 was published Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA... High Unreviewed
CVE-2023-40356 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database