GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,776
Maven: 5,000+
npm: 3,542
NuGet: 617
pip: 3,125
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
94,501 advisories
A validated user not explicitly authorized to have access to certain sensitive information could...
High | Unreviewed | CVE-2023-40159 was published Jul 18, 2024

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External...
High | Unreviewed | CVE-2023-50304 was published Jul 18, 2024

Local privilege escalation due to OS command injection vulnerability. The following products are...
High | Unreviewed | CVE-2024-34013 was published Jul 18, 2024

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2024-3242 was published Jul 18, 2024

The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all...
High | Unreviewed | CVE-2024-5726 was published Jul 18, 2024

openCart Server-Side Template Injection (SSTI) vulnerability
High | CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024

projectdiscovery/nuclei allows unsigned code template execution through workflows
High | CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated...
High | Unreviewed | CVE-2024-20435 was published Jul 17, 2024

Gotenberg provides a developer-friendly API to interact with powerful tools like Chromium and...
High | Unreviewed | CVE-2024-40639 was published Jul 17, 2024

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote...
High | Unreviewed | CVE-2024-20323 was published Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-28993 was published Jul 17, 2024

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion...
High | Unreviewed | CVE-2024-23474 was published Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-28992 was published Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-23468 was published Jul 17, 2024

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass...
High | Unreviewed | CVE-2024-23465 was published Jul 17, 2024

Eclipse Parsson stack overflow when parsing deeply nested input
High | CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024

Sylius has a security vulnerability via adjustments API endpoint
High | CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover...
High | Unreviewed | CVE-2024-5471 was published Jul 17, 2024

Apache StreamPipes has potential remote code execution (RCE) via file upload
High | CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024

Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High | CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for...
High | Unreviewed | CVE-2024-6467 was published Jul 17, 2024

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for...
High | Unreviewed | CVE-2024-6660 was published Jul 17, 2024

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker...
High | Unreviewed | CVE-2024-3171 was published Jul 17, 2024

Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote...
High | Unreviewed | CVE-2024-3173 was published Jul 17, 2024

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote...
High | Unreviewed | CVE-2024-3176 was published Jul 17, 2024

ProTip! Advisories are also available from the GraphQL API