Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,969
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,658 advisories

Loading
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site Moderate Unreviewed
CVE-2024-38505 was published Jun 18, 2024
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files... Moderate Unreviewed
CVE-2024-38504 was published Jun 18, 2024
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to,... Moderate Unreviewed
CVE-2024-5533 was published Jun 18, 2024
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss... Moderate Unreviewed
CVE-2024-5860 was published Jun 18, 2024
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may... Moderate Unreviewed
CVE-2024-0066 was published Jun 18, 2024
The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting... Moderate Unreviewed
CVE-2024-0845 was published Jun 18, 2024
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-1634 was published Jun 18, 2024
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-5541 was published Jun 18, 2024
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2024-4375 was published Jun 18, 2024
A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1... Moderate Unreviewed
CVE-2024-6084 was published Jun 18, 2024
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an... Moderate Unreviewed
CVE-2024-6083 was published Jun 18, 2024
A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System... Moderate Unreviewed
CVE-2024-6067 was published Jun 18, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher's External RoleTemplates can lead to privilege escalation Moderate
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as... Moderate Unreviewed
CVE-2024-6064 was published Jun 17, 2024
A vulnerability classified as critical has been found in SourceCodester Best House Rental... Moderate Unreviewed
CVE-2024-6066 was published Jun 17, 2024
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an... Moderate Unreviewed
CVE-2024-6058 was published Jun 17, 2024
@akbr/update Prototype Pollution Moderate
CVE-2024-36578 was published for @akbr/update (npm) Jun 17, 2024
obx Prototype Pollution Moderate
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Object Resolver Prototype Pollution Moderate
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
Badger Database Prototype Pollution Moderate
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API