GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,765
Maven: 4,990
npm: 3,536
NuGet: 616
pip: 3,105
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,068 advisories
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical · Unreviewed · CVE-2023-46685 was published Jul 8, 2024

Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.
Critical · Unreviewed · CVE-2024-39071 was published Jul 9, 2024

An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2...
Critical · Unreviewed · CVE-2024-39251 was published Jul 1, 2024

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies....
Critical · Unreviewed · CVE-2024-6611 was published Jul 9, 2024

Clipboard code failed to check the index on an array access. This could have led to an out-of...
Critical · Unreviewed · CVE-2024-6606 was published Jul 9, 2024

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an...
Critical · Unreviewed · CVE-2024-32905 was published Jun 13, 2024

Sensitive information disclosure in NetScaler Console
Critical · Unreviewed · CVE-2024-6235 was published Jul 10, 2024

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the...
Critical · Unreviewed · CVE-2024-37770 was published Jul 10, 2024

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,...
Critical · Unreviewed · CVE-2024-5488 was published Jul 9, 2024

A mismatch between allocator and deallocator could have led to memory corruption. This...
Critical · Unreviewed · CVE-2024-6602 was published Jul 9, 2024

When generating the systemd service units for the docker snap (and other similar snaps), snapd...
Critical · Unreviewed · CVE-2020-27352 was published Jun 21, 2024

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface...
Critical · Unreviewed · CVE-2024-27602 was published Apr 2, 2024

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise...
Critical · Unreviewed · CVE-2024-29849 was published May 23, 2024

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical · Unreviewed · CVE-2024-6035 was published Jul 11, 2024

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials...
Critical · Unreviewed · CVE-2024-6407 was published Jul 11, 2024

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up...
Critical · Unreviewed · CVE-2024-6624 was published Jul 11, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical · Unreviewed · CVE-2024-6385 was published Jul 11, 2024

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical · Unreviewed · CVE-2024-6397 was published Jul 11, 2024

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical · Unreviewed · CVE-2024-5910 was published Jul 10, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software...
Critical · Unreviewed · CVE-2024-37113 was published Jul 10, 2024

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and...
Critical · Unreviewed · CVE-2024-4879 was published Jul 10, 2024

ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical · Unreviewed · CVE-2024-5217 was published Jul 10, 2024

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Critical · Unreviewed · CVE-2024-23692 was published May 31, 2024

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
Critical · Unreviewed · CVE-2024-6422 was published Jul 10, 2024

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
Critical · Unreviewed · CVE-2024-27709 was published Jul 5, 2024
ProTip! Advisories are also available from the GraphQL API.