Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

72 advisories

Loading
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in... Moderate Unreviewed
CVE-2024-57970 was published Feb 16, 2025
A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston... Moderate Unreviewed
CVE-2023-39540 was published Feb 20, 2024
A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston... Moderate Unreviewed
CVE-2023-39541 was published Feb 20, 2024
Information disclosure while processing information on firmware image during core initialization. Moderate Unreviewed
CVE-2024-38414 was published Feb 3, 2025
Information disclosure during audio playback. Moderate Unreviewed
CVE-2024-38416 was published Feb 3, 2025
Information disclosure while processing IO control commands. Moderate Unreviewed
CVE-2024-38417 was published Feb 3, 2025
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-30039 was published May 14, 2024
Information disclosure while handling T2LM Action Frame in WLAN Host. Moderate Unreviewed
CVE-2023-43537 was published Jun 3, 2024
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might... Moderate Unreviewed
CVE-2024-7347 was published Aug 14, 2024
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated... Moderate Unreviewed
CVE-2024-9843 was published Nov 12, 2024
Information disclosure while parsing dts header atom in Video. Moderate Unreviewed
CVE-2023-43527 was published May 6, 2024
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream... Moderate Unreviewed
CVE-2023-43528 was published May 6, 2024
Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. Moderate Unreviewed
CVE-2024-45559 was published Jan 6, 2025
information disclosure while invoking the mailbox read API. Moderate Unreviewed
CVE-2024-43063 was published Jan 6, 2025
Information Disclosure while invoking the mailbox write API when message received from user is... Moderate Unreviewed
CVE-2024-23366 was published Jan 6, 2025
Information disclosure while invoking callback function of sound model driver from ADSP for every... Moderate Unreviewed
CVE-2024-33067 was published Jan 6, 2025
Information disclosure while processing IOCTL call made for releasing a trusted VM process... Moderate Unreviewed
CVE-2024-33061 was published Jan 6, 2025
Transient DOS while processing channel information for speaker protection v2 module in ADSP. Moderate Unreviewed
CVE-2023-33090 was published Mar 4, 2024
Information Disclosure while processing IOCTL request in FastRPC. Moderate Unreviewed
CVE-2023-33078 was published Mar 4, 2024
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-26255 was published Apr 9, 2024
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-28902 was published Apr 9, 2024
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-28900 was published Apr 9, 2024
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-28901 was published Apr 9, 2024
Windows Kernel Information Disclosure Vulnerability Moderate Unreviewed
CVE-2023-36803 was published Sep 12, 2023
Transient DOS while handling PS event when Program Service name length offset value is set to 255. Moderate Unreviewed
CVE-2024-33043 was published Sep 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database