GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
22,106 advisories
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via...
Critical | Unreviewed | CVE-2024-29319 was published Jul 5, 2024

An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2024-39028 was published Jul 5, 2024

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to...
Critical | Unreviewed | CVE-2024-38346 was published Jul 5, 2024

The CloudStack integration API service allows running its unauthenticated API server (usually on...
Critical | Unreviewed | CVE-2024-39864 was published Jul 5, 2024

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <...
Critical | Unreviewed | CVE-2024-6209 was published Jul 5, 2024

Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical | Unreviewed | CVE-2024-6298 was published Jul 5, 2024

rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical | CVE-2024-39943 was published for hfs (npm) Jul 5, 2024

Gogs allows argument injection during the previewing of changes
Critical | CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024

github.com/gogs/gogs affected by CVE-2024-39930
Critical | CVE-2024-39930 was published for github.com/gogs/gogs (Go) Jul 4, 2024

Gogs allows deletion of internal files
Critical | CVE-2024-39931 was published for github.com/gogs/gogs (Go) Jul 4, 2024

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Critical | Unreviewed | CVE-2024-39844 was published Jul 3, 2024

An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept...
Critical | Unreviewed | CVE-2024-39223 was published Jul 3, 2024

Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical | Unreviewed | CVE-2024-37082 was published Jul 3, 2024

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection...
Critical | Unreviewed | CVE-2024-3816 was published Jul 3, 2024

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical | Unreviewed | CVE-2024-39704 was published Jul 3, 2024

mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code...
Critical | Unreviewed | CVE-2024-4708 was published Jul 3, 2024

Under certain circumstances the web interface will accept characters unrelated to the expected...
Critical | Unreviewed | CVE-2024-32755 was published Jul 2, 2024

The vulnerability allows attackers access to the root account without having to authenticate....
Critical | Unreviewed | CVE-2023-41920 was published Jul 2, 2024

Hardcoded credentials are discovered within the application's source code, creating a potential...
Critical | Unreviewed | CVE-2023-41919 was published Jul 2, 2024

A vulnerability allows attackers to download source code or an executable from a remote location...
Critical | Unreviewed | CVE-2023-41921 was published Jul 2, 2024

Inadequate input validation exposes the system to potential remote code execution (RCE) risks....
Critical | Unreviewed | CVE-2023-41917 was published Jul 2, 2024

A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs....
Critical | Unreviewed | CVE-2023-41918 was published Jul 2, 2024

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical | Unreviewed | CVE-2024-6172 was published Jul 2, 2024

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to...
Critical | Unreviewed | CVE-2024-37762 was published Jul 2, 2024

The N-central server is vulnerable to session rebinding of already authenticated users when using...
Critical | Unreviewed | CVE-2024-5322 was published Jul 1, 2024

ProTip! Advisories are also available from the GraphQL API