Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

248,575 advisories

Loading
There is an elevation of privilege vulnerability in server and client components of Absolute... High Unreviewed
CVE-2024-40872 was published Jul 25, 2024
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and... High Unreviewed
CVE-2024-36541 was published Jul 24, 2024
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator... Moderate Unreviewed
CVE-2024-22444 was published Jul 24, 2024
An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker... Moderate Unreviewed
CVE-2024-40575 was published Jul 24, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow... Critical Unreviewed
CVE-2021-1497 was published May 24, 2022
DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1... High Unreviewed
CVE-2020-8515 was published May 24, 2022
A remote code execution vulnerability exists in the way that the scripting engine handles objects... High Unreviewed
CVE-2019-1429 was published May 24, 2022
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing... High Unreviewed
CVE-2019-15752 was published May 24, 2022
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message... Moderate Unreviewed
CVE-2024-6243 was published Jul 22, 2024
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape... Moderate Unreviewed
CVE-2024-5004 was published Jul 22, 2024
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings... Moderate Unreviewed
CVE-2024-5529 was published Jul 22, 2024
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students... High Unreviewed
CVE-2024-5973 was published Jul 22, 2024
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"... Critical Unreviewed
CVE-2024-37391 was published Jul 22, 2024
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code... High Unreviewed
CVE-2019-0211 was published May 13, 2022
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds... High Unreviewed
CVE-2020-0069 was published May 24, 2022
The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-2350 was published Jun 6, 2024
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has... High Unreviewed
CVE-2019-5544 was published May 24, 2022
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to... Moderate Unreviewed
CVE-2020-6418 was published May 24, 2022
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... High Unreviewed
CVE-2023-6968 was published Jun 6, 2024
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14... Critical Unreviewed
CVE-2018-15961 was published May 13, 2022
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By... Critical Unreviewed
CVE-2018-6789 was published May 13, 2022
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to... High Unreviewed
CVE-2017-11774 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API