GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
100,773 advisories
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker...
Moderate
Unreviewed
CVE-2023-43342
was published
Oct 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute...
Moderate
Unreviewed
CVE-2023-43359
was published
Oct 20, 2023
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It...
Moderate
Unreviewed
CVE-2023-30633
was published
Oct 19, 2023
The affected product is vulnerable to an exposure of sensitive information to an...
Moderate
Unreviewed
CVE-2023-42666
was published
Oct 19, 2023
The affected product is vulnerable to a cleartext transmission of sensitive...
Moderate
Unreviewed
CVE-2023-41088
was published
Oct 19, 2023
The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an...
Moderate
Unreviewed
CVE-2023-40153
was published
Oct 19, 2023
** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150...
Moderate
Unreviewed
CVE-2023-46033
was published
Oct 19, 2023
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML...
Moderate
Unreviewed
CVE-2023-45281
was published
Oct 19, 2023
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code...
Moderate
Unreviewed
CVE-2023-35185
was published
Oct 19, 2023
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1....
Moderate
Unreviewed
CVE-2023-31046
was published
Oct 19, 2023
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS...
Moderate
Unreviewed
CVE-2022-24400
was published
Oct 19, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,...
Moderate
Unreviewed
CVE-2022-25332
was published
Oct 19, 2023
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for...
Moderate
Unreviewed
CVE-2023-34050
was published
Oct 19, 2023
The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up...
Moderate
Unreviewed
CVE-2023-5254
was published
Oct 19, 2023
The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2023-5639
was published
Oct 19, 2023
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate...
Moderate
Unreviewed
CVE-2023-37504
was published
Oct 19, 2023
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL...
Moderate
Unreviewed
CVE-2023-5336
was published
Oct 19, 2023
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to,...
Moderate
Unreviewed
CVE-2023-4645
was published
Oct 19, 2023
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2023-5638
was published
Oct 19, 2023
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
Moderate
Unreviewed
CVE-2023-45909
was published
Oct 19, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay...
Moderate
Unreviewed
CVE-2023-36857
was published
Oct 19, 2023
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS)...
Moderate
Unreviewed
CVE-2023-45958
was published
Oct 19, 2023
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated,...
Moderate
Unreviewed
CVE-2023-20261
was published
Oct 18, 2023
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an...
Moderate
Unreviewed
CVE-2023-5631
was published
Oct 18, 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex &...
Moderate
Unreviewed
CVE-2023-45065
was published
Oct 18, 2023
ProTip! Advisories are also available from the GraphQL API.