GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
22,038 advisories
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies....
CVE-2024-6611, Critical, Unreviewed, published Jul 9, 2024

Clipboard code failed to check the index on an array access. This could have led to an out-of...
CVE-2024-6606, Critical, Unreviewed, published Jul 9, 2024

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an...
CVE-2024-32905, Critical, Unreviewed, published Jun 13, 2024

Sensitive information disclosure in NetScaler Console
CVE-2024-6235, Critical, Unreviewed, published Jul 10, 2024

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the...
CVE-2024-37770, Critical, Unreviewed, published Jul 10, 2024

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,...
CVE-2024-5488, Critical, Unreviewed, published Jul 9, 2024

A mismatch between allocator and deallocator could have led to memory corruption. This...
CVE-2024-6602, Critical, Unreviewed, published Jul 9, 2024

When generating the systemd service units for the docker snap (and other similar snaps), snapd...
CVE-2020-27352, Critical, Unreviewed, published Jun 21, 2024

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface...
CVE-2024-27602, Critical, Unreviewed, published Apr 2, 2024

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise...
CVE-2024-29849, Critical, Unreviewed, published May 23, 2024

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
CVE-2024-6035, Critical, Unreviewed, published Jul 11, 2024

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials...
CVE-2024-6407, Critical, Unreviewed, published Jul 11, 2024

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up...
CVE-2024-6624, Critical, Unreviewed, published Jul 11, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
CVE-2024-6385, Critical, Unreviewed, published Jul 11, 2024

python-jwt vulnerable to token forgery with new claims
CVE-2022-39227, Critical, published for python-jwt (pip), Sep 21, 2022

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
CVE-2024-5910, Critical, Unreviewed, published Jul 10, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software...
CVE-2024-37113, Critical, Unreviewed, published Jul 10, 2024

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
CVE-2024-23692, Critical, Unreviewed, published May 31, 2024

github.com/gogs/gogs affected by CVE-2024-39930
CVE-2024-39930, Critical, published for github.com/gogs/gogs (Go), Jul 4, 2024

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
CVE-2024-6422, Critical, Unreviewed, published Jul 10, 2024

XWiki Platform: Remote code execution as guest via DatabaseSearch
CVE-2024-31982, Critical, published for org.xwiki.platform:xwiki-platform-search-ui (Maven), Apr 10, 2024

Remote Code Execution (RCE) vulnerability in geoserver
CVE-2024-36401, Critical, published for org.geoserver.web:gs-web-app (Maven), Jul 1, 2024

Gogs allows deletion of internal files
CVE-2024-39931, Critical, published for github.com/gogs/gogs (Go), Jul 4, 2024

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
CVE-2024-27709, Critical, Unreviewed, published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27710, Critical, Unreviewed, published Jul 5, 2024

ProTip! Advisories are also available from the GraphQL API.