GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
241,040 advisories
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by...
Moderate
Unreviewed
CVE-2024-6511
was published
Jul 4, 2024
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated...
High
Unreviewed
CVE-2024-39934
was published
Jul 4, 2024
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command...
Unknown
Unreviewed
CVE-2024-39935
was published
Jul 4, 2024
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x...
High
Unreviewed
CVE-2024-39936
was published
Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue...
High
Unreviewed
CVE-2024-37472
was published
Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This...
High
Unreviewed
CVE-2024-37471
was published
Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue...
Moderate
Unreviewed
CVE-2024-37474
was published
Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This...
Moderate
Unreviewed
CVE-2024-37476
was published
Jul 4, 2024
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
High
Unreviewed
CVE-2024-39933
was published
Jul 4, 2024
Rejected reason: CVE assigned by mistake as a duplicate.
Unknown
Unreviewed
CVE-2024-6513
was published
Jul 4, 2024
Gogs through 0.13.0 allows argument injection during the previewing of changes.
Critical
Unreviewed
CVE-2024-39932
was published
Jul 4, 2024
Gogs through 0.13.0 allows deletion of internal files.
Critical
Unreviewed
CVE-2024-39931
was published
Jul 4, 2024
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go,...
Critical
Unreviewed
CVE-2024-39930
was published
Jul 4, 2024
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ...
High
Unreviewed
CVE-2024-6506
was published
Jul 4, 2024
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request,...
Unknown
Unreviewed
CVE-2024-39211
was published
Jul 4, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers...
Unknown
Unreviewed
CVE-2024-39165
was published
Jul 4, 2024
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can...
Unknown
Unreviewed
CVE-2024-39929
was published
Jul 4, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor...
Moderate
Unreviewed
CVE-2024-22277
was published
Jul 4, 2024
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High
Unreviewed
CVE-2024-5943
was published
Jul 4, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in...
High
Unreviewed
CVE-2024-6507
was published
Jul 4, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low
Unreviewed
CVE-2024-32754
was published
Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2024-5641
was published
Jul 4, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate
Unreviewed
CVE-2024-1573
was published
Jul 4, 2024
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on...
High
Unreviewed
CVE-2024-3904
was published
Jul 4, 2024
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High
Unreviewed
CVE-2024-6318
was published
Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API