GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,976
Erlang: 29
GitHub Actions: 16
Go: 1,765
Maven: 4,990
npm: 3,536
NuGet: 616
pip: 3,105
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,068 advisories
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical | Unreviewed | CVE-2024-6035 was published Jul 11, 2024
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials...
Critical | Unreviewed | CVE-2024-6407 was published Jul 11, 2024
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up...
Critical | Unreviewed | CVE-2024-6624 was published Jul 11, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical | Unreviewed | CVE-2024-6385 was published Jul 11, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2024-6397 was published Jul 11, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical | Unreviewed | CVE-2024-5910 was published Jul 10, 2024
Sensitive information disclosure in NetScaler Console
Critical | Unreviewed | CVE-2024-6235 was published Jul 10, 2024
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the...
Critical | Unreviewed | CVE-2024-37770 was published Jul 10, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software...
Critical | Unreviewed | CVE-2024-37113 was published Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and...
Critical | Unreviewed | CVE-2024-4879 was published Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical | Unreviewed | CVE-2024-5217 was published Jul 10, 2024
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
Critical | Unreviewed | CVE-2024-6422 was published Jul 10, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.
Critical | Unreviewed | CVE-2024-39071 was published Jul 9, 2024
Microsoft Defender for IoT Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-38089 was published Jul 9, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-38074 was published Jul 9, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-38076 was published Jul 9, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-38077 was published Jul 9, 2024
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows...
Critical | Unreviewed | CVE-2024-6527 was published Jul 9, 2024
A mismatch between allocator and deallocator could have led to memory corruption. This...
Critical | Unreviewed | CVE-2024-6602 was published Jul 9, 2024
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies....
Critical | Unreviewed | CVE-2024-6611 was published Jul 9, 2024
Clipboard code failed to check the index on an array access. This could have led to an out-of...
Critical | Unreviewed | CVE-2024-6606 was published Jul 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1)....
Critical | Unreviewed | CVE-2024-39872 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical | Unreviewed | CVE-2023-38051 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical | Unreviewed | CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38048 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API.