Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,544
NuGet
619
pip
3,128
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+

94,586 advisories

Loading
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed
CVE-2024-6637 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-37920 was published Jul 20, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-6635 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-37954 was published Jul 20, 2024
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2024-6497 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-37953 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38672 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38673 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38711 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38683 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38696 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38694 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38680 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-37961 was published Jul 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-38669 was published Jul 20, 2024
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms... High Unreviewed
CVE-2024-6281 was published Jul 20, 2024
Automad arbitrary file upload vulnerability High
CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins High
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter High
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via... High Unreviewed
CVE-2024-6338 was published Jul 19, 2024
Absent Input Validation in BinaryHttpParser High
CVE-2024-40642 was published for io.netty.incubator:netty-incubator-codec-bhttp (Maven) Jul 18, 2024
shombo
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality
Philips Vue PACS uses default credentials for potentially critical functionality. High Unreviewed
CVE-2023-40704 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API