GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
248,575 advisories
There is an elevation of privilege vulnerability in server and client components of Absolute...
High, Unreviewed. CVE-2024-40872 was published Jul 25, 2024

Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and...
High, Unreviewed. CVE-2024-36541 was published Jul 24, 2024

A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator...
Moderate, Unreviewed. CVE-2024-22444 was published Jul 24, 2024

An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker...
Moderate, Unreviewed. CVE-2024-40575 was published Jul 24, 2024

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical, Unreviewed. CVE-2024-40422 was published Jul 24, 2024

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow...
Critical, Unreviewed. CVE-2021-1497 was published May 24, 2022

DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1...
High, Unreviewed. CVE-2020-8515 was published May 24, 2022

A remote code execution vulnerability exists in the way that the scripting engine handles objects...
High, Unreviewed. CVE-2019-1429 was published May 24, 2022

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing...
High, Unreviewed. CVE-2019-15752 was published May 24, 2022

The kstring integration in gix-attributes is unsound
Low. GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024

Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate. CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message...
Moderate, Unreviewed. CVE-2024-6243 was published Jul 22, 2024

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape...
Moderate, Unreviewed. CVE-2024-5004 was published Jul 22, 2024

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings...
Moderate, Unreviewed. CVE-2024-5529 was published Jul 22, 2024

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students...
High, Unreviewed. CVE-2024-5973 was published Jul 22, 2024

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"...
Critical, Unreviewed. CVE-2024-37391 was published Jul 22, 2024

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code...
High, Unreviewed. CVE-2019-0211 was published May 13, 2022

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds...
High, Unreviewed. CVE-2020-0069 was published May 24, 2022

The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-2350 was published Jun 6, 2024

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has...
High, Unreviewed. CVE-2019-5544 was published May 24, 2022

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to...
Moderate, Unreviewed. CVE-2020-6418 was published May 24, 2022

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High, Unreviewed. CVE-2023-6968 was published Jun 6, 2024

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14...
Critical, Unreviewed. CVE-2018-15961 was published May 13, 2022

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By...
Critical, Unreviewed. CVE-2018-6789 was published May 13, 2022

Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to...
High, Unreviewed. CVE-2017-11774 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.