GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
748 advisories
Filter by severity
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to...
Moderate
Unreviewed
CVE-2024-8367
was published
Sep 1, 2024
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS...
Critical
Unreviewed
CVE-2024-42914
was published
Aug 23, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to...
Moderate
Unreviewed
CVE-2024-31882
was published
Aug 14, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39227
was published
Aug 6, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High
Unreviewed
CVE-2024-6331
was published
Aug 4, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical
Unreviewed
CVE-2024-40324
was published
Jul 25, 2024
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway...
Moderate
Unreviewed
CVE-2024-20429
was published
Jul 17, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2024-38700
was published
Jul 12, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low
Unreviewed
CVE-2024-37253
was published
Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low
Unreviewed
CVE-2024-35777
was published
Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low
Unreviewed
CVE-2024-37442
was published
Jul 9, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6470
was published
Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6469
was published
Jul 3, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical
Unreviewed
CVE-2024-39704
was published
Jul 3, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)...
Critical
Unreviewed
CVE-2024-37759
was published
Jun 24, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2024-35680
was published
Jun 10, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2024-35728
was published
Jun 10, 2024
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service...
Moderate
Unreviewed
CVE-2024-5184
was published
Jun 5, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2023-23738
was published
Jun 4, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay...
Critical
Unreviewed
CVE-2024-34919
was published
May 17, 2024
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run...
High
Unreviewed
CVE-2023-46304
was published
Apr 30, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x...
Moderate
Unreviewed
CVE-2024-2445
was published
Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server....
Moderate
Unreviewed
CVE-2024-1883
was published
Mar 14, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If...
Moderate
Unreviewed
CVE-2024-21900
was published
Mar 8, 2024
ProTip!
Advisories are also available from the
GraphQL API